public class DefaultCorsProcessor extends Object implements CorsProcessor
CorsProcessor
,
as defined by the CORS W3C recommendation.
Note that when input CorsConfiguration
is null
, this
implementation does not reject simple or actual requests outright but simply
avoid adding CORS headers to the response. CORS processing is also skipped
if the response already contains CORS headers.
Constructor and Description |
---|
DefaultCorsProcessor() |
Modifier and Type | Method and Description |
---|---|
protected List<String> |
checkHeaders(CorsConfiguration config,
List<String> requestHeaders)
Check the headers and determine the headers for the response of a
pre-flight request.
|
protected List<HttpMethod> |
checkMethods(CorsConfiguration config,
HttpMethod requestMethod)
Check the HTTP method and determine the methods for the response of a
pre-flight request.
|
protected String |
checkOrigin(CorsConfiguration config,
String requestOrigin)
Check the origin and determine the origin for the response.
|
protected boolean |
handleInternal(ServerWebExchange exchange,
CorsConfiguration config,
boolean preFlightRequest)
Handle the given request.
|
boolean |
process(CorsConfiguration config,
ServerWebExchange exchange)
Process a request using the given
CorsConfiguration . |
protected void |
rejectRequest(ServerHttpResponse response)
Invoked when one of the CORS checks failed.
|
public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange)
CorsProcessor
CorsConfiguration
.process
in interface CorsProcessor
config
- the CORS configuration to use; possibly null
in which case pre-flight requests are rejected, but all others allowed.exchange
- the current exchangefalse
if the request was rejected, true
otherwiseprotected void rejectRequest(ServerHttpResponse response)
protected boolean handleInternal(ServerWebExchange exchange, CorsConfiguration config, boolean preFlightRequest)
@Nullable protected String checkOrigin(CorsConfiguration config, @Nullable String requestOrigin)
CorsConfiguration.checkOrigin(String)
.@Nullable protected List<HttpMethod> checkMethods(CorsConfiguration config, @Nullable HttpMethod requestMethod)
CorsConfiguration.checkHttpMethod(HttpMethod)
.@Nullable protected List<String> checkHeaders(CorsConfiguration config, List<String> requestHeaders)
CorsConfiguration.checkOrigin(String)
.