Class | Description |
---|---|
CORSConfiguration |
The CORS filter configuration.
|
CORSConfigurationLoader |
CORS configuration loader.
|
CORSFilter |
Cross-Origin Resource Sharing (CORS) servlet filter.
|
CORSRequestHandler |
Handles incoming cross-origin (CORS) requests according to the configured
access policy.
|
CORSResponseWrapper |
HTTP response wrapper that preserves the CORS response headers on
ServletResponse.reset() . |
HeaderName |
HTTP header name constants and utilities.
|
HeaderUtils |
Header utilities.
|
Origin |
Resource request origin (not validated), as defined in The Web Origin
Concept (RFC 6454).
|
RequestTagger |
Request tagger.
|
ValidatedOrigin |
Validated resource request origin, as defined in The Web Origin Concept
(RFC 6454).
|
Enum | Description |
---|---|
CORSRequestType |
Enumeration of the CORS request types.
|
Exception | Description |
---|---|
CORSConfigurationException |
CORS filter configuration exception, intended to report invalid init
parameters at startup.
|
CORSException |
Base Cross-Origin Resource Sharing (CORS) exception, typically thrown during
processing of CORS requests.
|
OriginException |
Origin exception.
|
This package provides a Java servlet filter that implements the Cross-Origin Resource Sharing (CORS) mechanism for making cross-site HTTP requests from web browsers. The CORS W3C working draft stabilised in 2009 and as of 2010 CORS is supported by all major browsers such as Firefox, Safari, Chrome and IE.
To enable CORS for a particular HTTP resource, such as a servlet, JSP or
plain HTML file, attach a CORSFilter
to it via a <filter-mapping>
element in the web.xml
descriptor file. The default CORS filter policy is to allow any origin
(including credentials). To impose a stricter access policy configure the
filter using the supported <init-param>
elements or a Java
properties file. See the CORSFilter
JavaDoc for configuration details.
The CORS Filter can be configured to tag the allowed CORS HTTP requests
with HttpServletRequest.addAttribute
to provide the following
information to downstream handlers:
cors.isCorsRequest
{Boolean} Indicates if the HTTP request
is CORS.
cors.origin
{String} the value of the "Origin" header,
null
if undefined.
cors.requestType
{String} If the request is CORS, indicates
its type - "actual" for simple / actual or "preflight".
cors.requestHeaders
{String} if the request is CORS
preflight, the value of the "Access-Control-Request-Headers" header,
null
if undefined.
This CORS filter version implements the W3C recommendation from 16 January 2014.
Supported CORS request types:
Supported CORS headers:
Package dependencies:
com.thetransactioncompany.util
provides parsing of the filter
init parameters (included in the CORS filter distribution).Copyright © 2010–2019 The Transaction Company. All rights reserved.