java.lang.Object
io.jooby.handler.Cors
Cross-origin resource sharing.
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated.
This class represent the available options for configure CORS in Jooby.
usage
{ use(new CorsHandler()); }
Previous example, adds a cors filter using the default cors options.
- Since:
- 2.0.4
- Author:
- edgar
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionboolean
allowHeader
(String... headers) True if all the headers are allowed.boolean
allowHeaders
(List<String> headers) True if all the headers are allowed.boolean
allowMethod
(String method) True if the method is allowed.boolean
allowOrigin
(String origin) Test if the given origin is allowed or not.boolean
boolean
static Cors
from
(com.typesafe.config.Config conf) Get cors options from application configuration file.An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).boolean
If true, set theAccess-Control-Allow-Credentials
header.setExposedHeaders
(String... exposedHeaders) Set the list of exposed headers.setExposedHeaders
(List<String> exposedHeaders) Set the list of exposed headers.setHeaders
(String... headers) Set one or more allowed headers.setHeaders
(List<String> headers) Set one or more allowed headers.Set the preflight max age header.setMethods
(String... methods) Set one or more allowed methods.setMethods
(List<String> methods) Set one or more allowed methods.Set the allowed origins.Set the allowed origins.setUseCredentials
(boolean credentials) If true, set theAccess-Control-Allow-Credentials
header.
-
Constructor Details
-
Cors
public Cors()Creates defaultCors
. Default options are:origin: "*" credentials: true allowedMethods: [GET, POST] allowedHeaders: [X-Requested-With, Content-Type, Accept, Origin] maxAge: 30m exposedHeaders: []
-
-
Method Details
-
getUseCredentials
public boolean getUseCredentials()If true, set theAccess-Control-Allow-Credentials
header.- Returns:
- If the
Access-Control-Allow-Credentials
header must be set.
-
setUseCredentials
If true, set theAccess-Control-Allow-Credentials
header.- Parameters:
credentials
- Credentials.- Returns:
- This cors.
-
anyOrigin
public boolean anyOrigin()- Returns:
- True if any origin is accepted.
-
getOrigin
An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).- Returns:
- List of valid origins: Default is:
*
-
allowOrigin
Test if the given origin is allowed or not.- Parameters:
origin
- The origin to test.- Returns:
- True if the origin is allowed.
-
setOrigin
Set the allowed origins. An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).- Parameters:
origin
- One ore more origin.- Returns:
- This cors.
-
setOrigin
Set the allowed origins. An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).- Parameters:
origin
- One ore more origin.- Returns:
- This cors.
-
allowMethod
True if the method is allowed.- Parameters:
method
- Method to test.- Returns:
- True if the method is allowed.
-
getMethods
- Returns:
- List of allowed methods.
-
setMethods
Set one or more allowed methods.- Parameters:
methods
- One or more method.- Returns:
- This cors.
-
setMethods
Set one or more allowed methods.- Parameters:
methods
- One or more method.- Returns:
- This cors.
-
anyHeader
public boolean anyHeader()- Returns:
- True if any header is allowed:
*
.
-
allowHeader
True if all the headers are allowed.- Parameters:
headers
- Headers to test.- Returns:
- True if all the headers are allowed.
-
allowHeaders
True if all the headers are allowed.- Parameters:
headers
- Headers to test.- Returns:
- True if all the headers are allowed.
-
getHeaders
- Returns:
- List of allowed headers. Default are:
X-Requested-With
,Content-Type
,Accept
andOrigin
.
-
setHeaders
Set one or more allowed headers. Possible values are a header name or*
if any header is allowed.- Parameters:
headers
- Headers to set.- Returns:
- This cors.
-
setHeaders
Set one or more allowed headers. Possible values are a header name or*
if any header is allowed.- Parameters:
headers
- Headers to set.- Returns:
- This cors.
-
getExposedHeaders
- Returns:
- List of exposed headers.
-
setExposedHeaders
Set the list of exposed headers.- Parameters:
exposedHeaders
- Headers to expose.- Returns:
- This cors.
-
setExposedHeaders
Set the list of exposed headers.- Parameters:
exposedHeaders
- Headers to expose.- Returns:
- This cors.
-
getMaxAge
- Returns:
- Preflight max age. How many seconds a client can cache a preflight request.
-
setMaxAge
Set the preflight max age header. That's how many seconds a client can cache a preflight request.- Parameters:
preflightMaxAge
- Number of seconds or-1
to turn this off.- Returns:
- This cors.
-
from
Get cors options from application configuration file.cors { origin: * methods: [GET, POST] headers: [Custom-Header] maxAge: 30m exposesHeaders: [Header] }
- Parameters:
conf
- Configuration.- Returns:
- Cors options.
-