public class CorsConfiguration extends Object
Modifier and Type | Field and Description |
---|---|
static String |
ALL
Wildcard representing all origins, methods, or headers.
|
Constructor and Description |
---|
CorsConfiguration()
Construct a new, empty
CorsConfiguration instance. |
CorsConfiguration(CorsConfiguration other)
Construct a new
CorsConfiguration instance by copying all
values from the supplied CorsConfiguration . |
Modifier and Type | Method and Description |
---|---|
void |
addAllowedHeader(String allowedHeader)
Add an actual request header to allow.
|
void |
addAllowedMethod(HttpMethod method)
Add an HTTP method to allow.
|
void |
addAllowedMethod(String method)
Add an HTTP method to allow.
|
void |
addAllowedOrigin(String origin)
Add an origin to allow.
|
void |
addExposedHeader(String exposedHeader)
Add a response header to expose.
|
List<String> |
checkHeaders(List<String> requestHeaders)
Check the supplied request headers (or the headers listed in the
Access-Control-Request-Headers of a pre-flight request) against
the configured allowed headers. |
List<HttpMethod> |
checkHttpMethod(HttpMethod requestMethod)
Check the HTTP request method (or the method from the
Access-Control-Request-Method header on a pre-flight request)
against the configured allowed methods. |
String |
checkOrigin(String requestOrigin)
Check the origin of the request against the configured allowed origins.
|
CorsConfiguration |
combine(CorsConfiguration other)
Combine the supplied
CorsConfiguration with this one. |
Boolean |
getAllowCredentials()
Return the configured
allowCredentials flag, possibly null . |
List<String> |
getAllowedHeaders()
Return the allowed actual request headers, possibly
null . |
List<String> |
getAllowedMethods()
Return the allowed HTTP methods, possibly
null in which case
only "GET" is allowed. |
List<String> |
getAllowedOrigins()
Return the configured origins to allow, possibly
null . |
List<String> |
getExposedHeaders()
Return the configured response headers to expose, possibly
null . |
Long |
getMaxAge()
Return the configured
maxAge value, possibly null . |
void |
setAllowCredentials(Boolean allowCredentials)
Whether user credentials are supported.
|
void |
setAllowedHeaders(List<String> allowedHeaders)
Set the list of headers that a pre-flight request can list as allowed
for use during an actual request.
|
void |
setAllowedMethods(List<String> allowedMethods)
Set the HTTP methods to allow, e.g.
|
void |
setAllowedOrigins(List<String> allowedOrigins)
Set the origins to allow, e.g.
|
void |
setExposedHeaders(List<String> exposedHeaders)
Set the list of response headers other than simple headers (i.e.
|
void |
setMaxAge(Long maxAge)
Configure how long, in seconds, the response from a pre-flight request
can be cached by clients.
|
public static final String ALL
public CorsConfiguration()
CorsConfiguration
instance.public CorsConfiguration(CorsConfiguration other)
CorsConfiguration
instance by copying all
values from the supplied CorsConfiguration
.public CorsConfiguration combine(CorsConfiguration other)
CorsConfiguration
with this one.
Properties of this configuration are overridden by any non-null properties of the supplied one.
CorsConfiguration
or this
configuration if the supplied configuration is null
public void setAllowedOrigins(List<String> allowedOrigins)
"http://domain1.com"
.
The special value "*"
allows all domains.
By default this is not set.
public List<String> getAllowedOrigins()
null
.addAllowedOrigin(String)
,
setAllowedOrigins(List)
public void addAllowedOrigin(String origin)
public void setAllowedMethods(List<String> allowedMethods)
"GET"
, "POST"
,
"PUT"
, etc.
The special value "*"
allows all methods.
If not set, only "GET"
is allowed.
By default this is not set.
public List<String> getAllowedMethods()
null
in which case
only "GET"
is allowed.public void addAllowedMethod(HttpMethod method)
public void addAllowedMethod(String method)
public void setAllowedHeaders(List<String> allowedHeaders)
The special value "*"
allows actual requests to send any
header.
A header name is not required to be listed if it is one of:
Cache-Control
, Content-Language
, Expires
,
Last-Modified
, or Pragma
.
By default this is not set.
public List<String> getAllowedHeaders()
null
.addAllowedHeader(String)
,
setAllowedHeaders(List)
public void addAllowedHeader(String allowedHeader)
public void setExposedHeaders(List<String> exposedHeaders)
Cache-Control
, Content-Language
, Content-Type
,
Expires
, Last-Modified
, or Pragma
) that an
actual response might have and can be exposed.
Note that "*"
is not a valid exposed header value.
By default this is not set.
public List<String> getExposedHeaders()
null
.addExposedHeader(String)
,
setExposedHeaders(List)
public void addExposedHeader(String exposedHeader)
Note that "*"
is not a valid exposed header value.
public void setAllowCredentials(Boolean allowCredentials)
By default this is not set (i.e. user credentials are not supported).
public Boolean getAllowCredentials()
allowCredentials
flag, possibly null
.setAllowCredentials(Boolean)
public void setMaxAge(Long maxAge)
By default this is not set.
public Long getMaxAge()
maxAge
value, possibly null
.setMaxAge(Long)
public String checkOrigin(String requestOrigin)
requestOrigin
- the origin to checknull
which
means the request origin is not allowedpublic List<HttpMethod> checkHttpMethod(HttpMethod requestMethod)
Access-Control-Request-Method
header on a pre-flight request)
against the configured allowed methods.requestMethod
- the HTTP request method to checknull
if the supplied requestMethod
is not allowedpublic List<String> checkHeaders(List<String> requestHeaders)
Access-Control-Request-Headers
of a pre-flight request) against
the configured allowed headers.requestHeaders
- the request headers to checknull
if none of the supplied request headers is allowed