Package com.linecorp.armeria.server.annotation.decorator

Annotation Interface CorsDecorator

@Repeatable(CorsDecorators.class)
@Retention(RUNTIME)
@Target({TYPE,METHOD})
public @interface CorsDecorator

A CorsService decorator for annotated HTTP services.

Required Element Summary

Required Elements

Modifier and Type	Required Element	Description
String[]	origins	Allowed origins.

Optional Element Summary

Optional Elements

Modifier and Type	Optional Element	Description
boolean	allowAllRequestHeaders	Allows all HTTP headers in the CORS "Access-Control-Request-Headers" request header.
String[]	allowedRequestHeaders	The headers that should be returned in the CORS "Access-Control-Allow-Headers" response header.
HttpMethod[]	allowedRequestMethods	The allowed HTTP request methods that should be returned in the CORS "Access-Control-Allow-Methods" response header.
boolean	credentialsAllowed	Determines if cookies are allowed to be added to CORS requests.
String[]	exposedHeaders	The headers to be exposed to calling clients.
long	maxAge	The value of the CORS "Access-Control-Max-Age" response header which enables the caching of the preflight response for the specified time.
boolean	nullOriginAllowed	Determines if a "null" origin is allowed.
String[]	pathPatterns	The path patterns that this policy is supposed to be applied to.
boolean	preflightRequestDisabled	Determines if no preflight response headers should be added to a CORS preflight response.
AdditionalHeader[]	preflightRequestHeaders	The HTTP response headers that should be added to a CORS preflight response.

Element Details

origins

String[] origins

Allowed origins. Sets this property to be "*" to allow any origin.

pathPatterns

String[] pathPatterns

The path patterns that this policy is supposed to be applied to. If unspecified, all paths would be accepted.

Default:

{}

allowedRequestMethods

HttpMethod[] allowedRequestMethods

The allowed HTTP request methods that should be returned in the CORS "Access-Control-Allow-Methods" response header.

See Also:

• CorsPolicyBuilder.allowRequestMethods(HttpMethod...)

Default:

{}

maxAge

long maxAge

The value of the CORS "Access-Control-Max-Age" response header which enables the caching of the preflight response for the specified time. During this time no preflight request will be made.

See Also:

• CorsPolicyBuilder.maxAge(long)

Default:

0L

exposedHeaders

String[] exposedHeaders

The headers to be exposed to calling clients.

See Also:

• CorsPolicyBuilder.exposeHeaders(CharSequence...)

Default:

{}

allowAllRequestHeaders

boolean allowAllRequestHeaders

Allows all HTTP headers in the CORS "Access-Control-Request-Headers" request header.

See Also:

• CorsPolicyBuilder.allowAllRequestHeaders(boolean)

Default:

false

allowedRequestHeaders

String[] allowedRequestHeaders

The headers that should be returned in the CORS "Access-Control-Allow-Headers" response header.

See Also:

• CorsPolicyBuilder.allowRequestHeaders(CharSequence...)

Default:

{}

credentialsAllowed

boolean credentialsAllowed

Determines if cookies are allowed to be added to CORS requests. Settings this to be true will set the CORS "Access-Control-Allow-Credentials" response header to "true".

If unset, will be false.

See Also:

• CorsPolicyBuilder.allowCredentials()

Default:

false

nullOriginAllowed

boolean nullOriginAllowed

Determines if a "null" origin is allowed.

If unset, will be false.

See Also:

• CorsPolicyBuilder.allowNullOrigin()

Default:

false

preflightRequestHeaders

AdditionalHeader[] preflightRequestHeaders

The HTTP response headers that should be added to a CORS preflight response.

See Also:

• CorsPolicyBuilder.preflightResponseHeader(CharSequence, Object...)

Default:

{}

preflightRequestDisabled

boolean preflightRequestDisabled

Determines if no preflight response headers should be added to a CORS preflight response.

If unset, will be false.

See Also:

• CorsPolicyBuilder.disablePreflightResponseHeaders()

Default:

false