Package org.springframework.web.cors.reactive

Class CorsUtils

java.lang.Object
org.springframework.web.cors.reactive.CorsUtils
public abstract class CorsUtils extends Object
Utility class for CORS reactive request handling based on the CORS W3C recommendation.
Since:
5.0
Author:
Sebastien Deleuze

  • Constructor Details

    • CorsUtils

      public CorsUtils()

  • Method Details

    • isCorsRequest

      public static boolean isCorsRequest(ServerHttpRequest request)
      Returns true if the request is a valid CORS one by checking Origin header presence and ensuring that origins are different via isSameOrigin(org.springframework.http.server.reactive.ServerHttpRequest).

    • isPreFlightRequest

      public static boolean isPreFlightRequest(ServerHttpRequest request)
      Returns true if the request is a valid CORS pre-flight one by checking OPTIONS method with Origin and Access-Control-Request-Method headers presence.

    • isSameOrigin

      @Deprecated public static boolean isSameOrigin(ServerHttpRequest request)
      Deprecated.
      as of 5.2, same-origin checks are performed directly by isCorsRequest(org.springframework.http.server.reactive.ServerHttpRequest)
      Check if the request is a same-origin one, based on Origin, and Host headers.

      Note: as of 5.1 this method ignores "Forwarded" and "X-Forwarded-*" headers that specify the client-originated address. Consider using the ForwardedHeaderFilter to extract and use, or to discard such headers.

      Returns:
      true if the request is a same-origin one, false in case of a cross-origin request