public class CORSConfiguration extends Object
Modifier and Type | Field and Description |
---|---|
`boolean` | `allowAnyOrigin`: If `true` the CORS filter must allow requests from any origin, else the origin whitelist must be consulted. |
`Set<ValidatedOrigin>` | `allowedOrigins`: Origins that the CORS filter must allow. |
`boolean` | `allowGenericHttpRequests`: If `true` generic HTTP requests must be allowed to pass through the filter, else only valid and accepted CORS requests must be allowed (strict CORS filtering). |
`boolean` | `allowSubdomains`: If `true` the CORS filter must allow requests from any origin which is a subdomain origin of the `allowedOrigins`. |
`Set<String>` | `exposedHeaders`: The non-simple response headers that the web browser should expose to the author of the CORS request. |
`int` | `maxAge`: Indicates how long the results of a preflight request can be cached by the web client, in seconds. |
`boolean` | `supportAnyHeader`: If `true` the CORS filter must support any requested header, else the supported headers list must be consulted. |
`Set<String>` | `supportedHeaders`: The names of the supported author request headers. |
`Set<String>` | `supportedMethods`: The supported HTTP methods. |
`boolean` | `supportsCredentials`: Indicates whether user credentials, such as cookies, HTTP authentication or client-side certificates, are supported. |
`boolean` | `tagRequests`: Enables HTTP servlet request tagging to provide CORS information to downstream handlers. |

Constructor and Description |
---|
`CORSConfiguration(Properties props)`: Creates a new CORS configuration from the specified properties. |

Modifier and Type | Method and Description |
---|---|
`boolean` | `isAllowedOrigin(Origin origin)`: Helper method to check whether requests from the specified origin must be allowed. |
`boolean` | `isAllowedSubdomainOrigin(Origin origin)`: Helper method to check whether the specified origin is a subdomain origin of the `allowedOrigins`. |
`boolean` | `isSupportedHeader(String header)`: Helper method to check whether the specified (non-simple) author request header is supported. |
`boolean` | `isSupportedMethod(String method)`: Helper method to check whether the specified HTTP method is supported. |
`protected static String[]` | `parseWords(String s)`: Parses a string containing words separated by space and/or comma. |

public final boolean allowGenericHttpRequests

If `true` generic HTTP requests must be allowed to pass through the filter, else only valid and accepted CORS requests must be allowed (strict CORS filtering).

Property key: cors.allowGenericHttpRequests

public final boolean allowAnyOrigin

If `true` the CORS filter must allow requests from any origin, else the origin whitelist must be consulted.

Property key: cors.allowOrigin (set to `*`)

public final Set<ValidatedOrigin> allowedOrigins

`allowAnyOrigin`.

Note: The set is of type String instead of Origin to bypass parsing of the request origins before matching, see http://lists.w3.org/Archives/Public/public-webapps/2010JulSep/1046.html

Property key: cors.allowOrigin

public final boolean allowSubdomains

If `true` the CORS filter must allow requests from any origin which is a subdomain origin of the `allowedOrigins`.

Example:

Explicitly allowed origin: http://example.com

Matches the original origin as well as any subdomain, e.g. http://foo.example.com, http://bar.example.com, etc.

Property key: cors.allowSubdomains

public final Set<String> supportedMethods

Property key: cors.supportedMethods

public final boolean supportAnyHeader

If `true` the CORS filter must support any requested header, else the supported headers list must be consulted.

Property key: cors.supportedHeaders

public final Set<String> supportedHeaders

`supportAnyHeader` is `false`. Never `null`.

Property key: cors.supportedHeaders

public final Set<String> exposedHeaders

Property key: cors.exposedHeaders

public final boolean supportsCredentials

Property key: cors.supportsCredentials

public final int maxAge

`-1` unspecified.

Property key: cors.maxAge

public final boolean tagRequests

Property key: cors.tagRequests

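public CORSConfiguration(Properties props) throws CORSConfigurationException

The following properties are recognised (if missing they default to the specified values):

- cors.allowGenericHttpRequests defaults to `true`.
- cors.allowOrigin defaults to `*`.
- cors.allowSubdomains defaults to `false`.
- cors.supportedMethods defaults to `"GET, POST, HEAD, OPTIONS"`.
- cors.supportedHeaders defaults to `*`.
- cors.supportsCredentials defaults to `true`.
- cors.maxAge defaults to `-1` (unspecified).
- cors.tagRequests defaults to `false`.

props - The properties. Must not be `null`.

CORSConfigurationException - On an invalid property.

public final boolean isAllowedOrigin(Origin origin)

origin - The origin as reported by the web client (browser), `null` if unknown.

`true` if the origin is allowed, else `false`.

public final boolean isAllowedSubdomainOrigin(Origin origin)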

Helper method to check whether the specified origin is a subdomain origin of the `allowedOrigins`. This is done by matching the origin's scheme, hostname and port against each of the `allowedOrigins`.

Example: the origin https://foo.example.com matches cors.allowedOrigin = https://example.com whereas cors.allowedOrigin = http://example.com would not match.

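The scheme, hostname and port matching described above, as a stand-alone added example (not the CORS Filter's own code). The class name, the `isAllowed` and `port` helpers, the default-port handling and the sample origins are assumptions made for illustration; the example also covers the exact-match case and requires the subdomain match to fall on a label boundary.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added illustration of subdomain origin matching; NOT the CORS Filter's own code.
public class SubdomainOriginCheck {
    // Assumption: an origin without an explicit port uses the scheme default.
    static int port(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    // True if origin equals an allowed origin or, when allowSubdomains is set,
    // is a subdomain of one with the same scheme and port.
    static boolean isAllowed(String origin, Set<String> allowedOrigins, boolean allowSubdomains) {
        if (origin == null) return false;
        URI o;
        try {
            o = new URI(origin);
        } catch (URISyntaxException e) {
            return false;
        }
        if (o.getScheme() == null || o.getHost() == null) return false;
        String host = o.getHost().toLowerCase(Locale.ROOT);
        for (String allowed : allowedOrigins) {
            URI a = URI.create(allowed); // assumes configured origins are well-formed
            if (!o.getScheme().equalsIgnoreCase(a.getScheme()) || port(o) != port(a)) continue;
            String base = a.getHost().toLowerCase(Locale.ROOT);
            if (host.equals(base)) return true;
            // Match on a label boundary ("." + base), not a bare suffix,
            // so notexample.com is never treated as a subdomain of example.com.
            if (allowSubdomains && host.endsWith("." + base)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        Set<String> allowed = Set.of("https://example.com"); // constructed sample
        String[] origins = {                                  // constructed samples
            "https://foo.example.com",       // subdomain, same scheme and port
            "http://foo.example.com",        // scheme differs
            "https://foo.example.com:8443",  // port differs
            "https://notexample.com",        // shares a suffix but is not a subdomain
            "https://example.com.other.test" // allowed host appears as a prefix only
        };
        for (String origin : origins)
            System.out.println(origin + " -> " + isAllowed(origin, allowed, true));
    }
}
```
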
origin - The origin as reported by the web client (browser), `null` if unknown.

`true` if the origin is an allowed subdomain origin, else `false`.

public final boolean isSupportedMethod(String method)

`supportedMethods`.

method - The HTTP method.

`true` if the method is supported, else `false`.

public final boolean isSupportedHeader(String header)

header - The header field name.

`true` if the header is supported, else `false`.

protected static String[] parseWords(String s)

s - The string to parse. Must not be `null`.

Copyright © 2010–2019 The Transaction Company. All rights reserved.