Package org.springframework.web.cors
Class DefaultCorsProcessor
java.lang.Object
org.springframework.web.cors.DefaultCorsProcessor
- All Implemented Interfaces:
CorsProcessor
The default implementation of
CorsProcessor
, as defined by the
CORS W3C recommendation.
Note that when the supplied CorsConfiguration
is null
, this
implementation does not reject simple or actual requests outright but simply
avoids adding CORS headers to the response. CORS processing is also skipped
if the response already contains CORS headers.
- Since:
- 4.2
- Author:
- Sebastien Deleuze, Rossen Stoyanchev
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptioncheckHeaders
(CorsConfiguration config, List<String> requestHeaders) Check the headers and determine the headers for the response of a pre-flight request.protected List<HttpMethod>
checkMethods
(CorsConfiguration config, HttpMethod requestMethod) Check the HTTP method and determine the methods for the response of a pre-flight request.protected String
checkOrigin
(CorsConfiguration config, String requestOrigin) Check the origin and determine the origin for the response.protected boolean
handleInternal
(ServerHttpRequest request, ServerHttpResponse response, CorsConfiguration config, boolean preFlightRequest) Handle the given request.boolean
processRequest
(CorsConfiguration config, HttpServletRequest request, HttpServletResponse response) Process a request given aCorsConfiguration
.protected void
rejectRequest
(ServerHttpResponse response) Invoked when one of the CORS checks failed.
-
Constructor Details
-
DefaultCorsProcessor
public DefaultCorsProcessor()
-
-
Method Details
-
processRequest
public boolean processRequest(@Nullable CorsConfiguration config, HttpServletRequest request, HttpServletResponse response) throws IOException Description copied from interface:CorsProcessor
Process a request given aCorsConfiguration
.- Specified by:
processRequest
in interfaceCorsProcessor
- Parameters:
config
- the applicable CORS configuration (possiblynull
)request
- the current requestresponse
- the current response- Returns:
false
if the request is rejected,true
otherwise- Throws:
IOException
-
rejectRequest
Invoked when one of the CORS checks failed. The default implementation sets the response status to 403 and writes "Invalid CORS request" to the response.- Throws:
IOException
-
handleInternal
protected boolean handleInternal(ServerHttpRequest request, ServerHttpResponse response, CorsConfiguration config, boolean preFlightRequest) throws IOException Handle the given request.- Throws:
IOException
-
checkOrigin
Check the origin and determine the origin for the response. The default implementation simply delegates toCorsConfiguration.checkOrigin(String)
. -
checkMethods
@Nullable protected List<HttpMethod> checkMethods(CorsConfiguration config, @Nullable HttpMethod requestMethod) Check the HTTP method and determine the methods for the response of a pre-flight request. The default implementation simply delegates toCorsConfiguration.checkHttpMethod(HttpMethod)
. -
checkHeaders
@Nullable protected List<String> checkHeaders(CorsConfiguration config, List<String> requestHeaders) Check the headers and determine the headers for the response of a pre-flight request. The default implementation simply delegates toCorsConfiguration.checkHeaders(List)
.
-