public abstract class CorsUtils extends Object
Constructor and Description |
---|
CorsUtils() |
Modifier and Type | Method and Description |
---|---|
static boolean |
isCorsRequest(ServerHttpRequest request)
Returns
true if the request is a valid CORS one by checking Origin
header presence and ensuring that origins are different via isSameOrigin(org.springframework.http.server.reactive.ServerHttpRequest) . |
static boolean |
isPreFlightRequest(ServerHttpRequest request)
Returns
true if the request is a valid CORS pre-flight one by checking {code OPTIONS} method with
Origin and Access-Control-Request-Method headers presence. |
static boolean |
isSameOrigin(ServerHttpRequest request)
Deprecated.
as of 5.2, same-origin checks are performed directly by
isCorsRequest(org.springframework.http.server.reactive.ServerHttpRequest) |
public static boolean isCorsRequest(ServerHttpRequest request)
true
if the request is a valid CORS one by checking Origin
header presence and ensuring that origins are different via isSameOrigin(org.springframework.http.server.reactive.ServerHttpRequest)
.public static boolean isPreFlightRequest(ServerHttpRequest request)
true
if the request is a valid CORS pre-flight one by checking {code OPTIONS} method with
Origin
and Access-Control-Request-Method
headers presence.@Deprecated public static boolean isSameOrigin(ServerHttpRequest request)
isCorsRequest(org.springframework.http.server.reactive.ServerHttpRequest)
Origin
, and
Host
headers.
Note: as of 5.1 this method ignores
"Forwarded"
and "X-Forwarded-*"
headers that specify the
client-originated address. Consider using the ForwardedHeaderFilter
to extract and use, or to discard such headers.
true
if the request is a same-origin one, false
in case
of a cross-origin request