public class DefaultCorsProcessor extends java.lang.Object implements CorsProcessor
CorsProcessor
, as defined by the
CORS W3C recommendation.
Note that when input CorsConfiguration
is null
, this
implementation does not reject simple or actual requests outright but simply
avoid adding CORS headers to the response. CORS processing is also skipped
if the response already contains CORS headers, or if the request is detected
as a same-origin one.
Modifier and Type | Field and Description |
---|---|
private static Log |
logger |
private static java.nio.charset.Charset |
UTF8_CHARSET |
Constructor and Description |
---|
DefaultCorsProcessor() |
Modifier and Type | Method and Description |
---|---|
protected java.util.List<java.lang.String> |
checkHeaders(CorsConfiguration config,
java.util.List<java.lang.String> requestHeaders)
Check the headers and determine the headers for the response of a
pre-flight request.
|
protected java.util.List<HttpMethod> |
checkMethods(CorsConfiguration config,
HttpMethod requestMethod)
Check the HTTP method and determine the methods for the response of a
pre-flight request.
|
protected java.lang.String |
checkOrigin(CorsConfiguration config,
java.lang.String requestOrigin)
Check the origin and determine the origin for the response.
|
private java.util.List<java.lang.String> |
getHeadersToUse(ServerHttpRequest request,
boolean isPreFlight) |
private HttpMethod |
getMethodToUse(ServerHttpRequest request,
boolean isPreFlight) |
protected boolean |
handleInternal(ServerHttpRequest request,
ServerHttpResponse response,
CorsConfiguration config,
boolean preFlightRequest)
Handle the given request.
|
boolean |
processRequest(CorsConfiguration config,
HttpServletRequest request,
HttpServletResponse response)
Process a request given a
CorsConfiguration . |
protected void |
rejectRequest(ServerHttpResponse response)
Invoked when one of the CORS checks failed.
|
private boolean |
responseHasCors(ServerHttpResponse response) |
private static final java.nio.charset.Charset UTF8_CHARSET
private static final Log logger
public boolean processRequest(CorsConfiguration config, HttpServletRequest request, HttpServletResponse response) throws java.io.IOException
CorsProcessor
CorsConfiguration
.processRequest
in interface CorsProcessor
config
- the applicable CORS configuration (possibly null
)request
- the current requestresponse
- the current responsefalse
if the request is rejected, true
otherwisejava.io.IOException
private boolean responseHasCors(ServerHttpResponse response)
protected void rejectRequest(ServerHttpResponse response) throws java.io.IOException
java.io.IOException
protected boolean handleInternal(ServerHttpRequest request, ServerHttpResponse response, CorsConfiguration config, boolean preFlightRequest) throws java.io.IOException
java.io.IOException
protected java.lang.String checkOrigin(CorsConfiguration config, java.lang.String requestOrigin)
CorsConfiguration.checkOrigin(String)
.protected java.util.List<HttpMethod> checkMethods(CorsConfiguration config, HttpMethod requestMethod)
CorsConfiguration.checkOrigin(String)
.private HttpMethod getMethodToUse(ServerHttpRequest request, boolean isPreFlight)
protected java.util.List<java.lang.String> checkHeaders(CorsConfiguration config, java.util.List<java.lang.String> requestHeaders)
CorsConfiguration.checkOrigin(String)
.private java.util.List<java.lang.String> getHeadersToUse(ServerHttpRequest request, boolean isPreFlight)