Module io.jooby
Package io.jooby.handler

Class Cors

java.lang.Object
io.jooby.handler.Cors
public class Cors extends Object
Cross-origin resource sharing.

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated.

This class represent the available options for configure CORS in Jooby.

usage

 {
   use(new CorsHandler());
 }

Previous example, adds a cors filter using the default cors options.

Since:
2.0.4
Author:
edgar

  • Constructor Details

    • Cors

      public Cors()
      Creates default Cors. Default options are: 
        origin: "*"
  credentials: true
  allowedMethods: [GET, POST]
  allowedHeaders: [X-Requested-With, Content-Type, Accept, Origin]
  maxAge: 30m
  exposedHeaders: []

  • Method Details

    • getUseCredentials

      public boolean getUseCredentials()
      If true, set the Access-Control-Allow-Credentials header.
      Returns:
      If the Access-Control-Allow-Credentials header must be set.

    • setUseCredentials

      public Cors setUseCredentials(boolean credentials)
      If true, set the Access-Control-Allow-Credentials header.
      Parameters:
      credentials - Credentials.
      Returns:
      This cors.

    • anyOrigin

      public boolean anyOrigin()
      Returns:
      True if any origin is accepted.

    • getOrigin

      public List<String> getOrigin()
      An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).
      Returns:
      List of valid origins: Default is: *

    • allowOrigin

      public boolean allowOrigin(String origin)
      Test if the given origin is allowed or not.
      Parameters:
      origin - The origin to test.
      Returns:
      True if the origin is allowed.

    • setOrigin

      public Cors setOrigin(String... origin)
      Set the allowed origins. An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).
      Parameters:
      origin - One ore more origin.
      Returns:
      This cors.

    • setOrigin

      public Cors setOrigin(List<String> origin)
      Set the allowed origins. An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).
      Parameters:
      origin - One ore more origin.
      Returns:
      This cors.

    • allowMethod

      public boolean allowMethod(String method)
      True if the method is allowed.
      Parameters:
      method - Method to test.
      Returns:
      True if the method is allowed.

    • getMethods

      public List<String> getMethods()
      Returns:
      List of allowed methods.

    • setMethods

      public Cors setMethods(String... methods)
      Set one or more allowed methods.
      Parameters:
      methods - One or more method.
      Returns:
      This cors.

    • setMethods

      public Cors setMethods(List<String> methods)
      Set one or more allowed methods.
      Parameters:
      methods - One or more method.
      Returns:
      This cors.

    • anyHeader

      public boolean anyHeader()
      Returns:
      True if any header is allowed: *.

    • allowHeader

      public boolean allowHeader(String... headers)
      True if all the headers are allowed.
      Parameters:
      headers - Headers to test.
      Returns:
      True if all the headers are allowed.

    • allowHeaders

      public boolean allowHeaders(List<String> headers)
      True if all the headers are allowed.
      Parameters:
      headers - Headers to test.
      Returns:
      True if all the headers are allowed.

    • getHeaders

      public List<String> getHeaders()
      Returns:
      List of allowed headers. Default are: X-Requested-With, Content-Type , Accept and Origin.

    • setHeaders

      public Cors setHeaders(String... headers)
      Set one or more allowed headers. Possible values are a header name or * if any header is allowed.
      Parameters:
      headers - Headers to set.
      Returns:
      This cors.

    • setHeaders

      public Cors setHeaders(List<String> headers)
      Set one or more allowed headers. Possible values are a header name or * if any header is allowed.
      Parameters:
      headers - Headers to set.
      Returns:
      This cors.

    • getExposedHeaders

      public List<String> getExposedHeaders()
      Returns:
      List of exposed headers.

    • setExposedHeaders

      public Cors setExposedHeaders(String... exposedHeaders)
      Set the list of exposed headers.
      Parameters:
      exposedHeaders - Headers to expose.
      Returns:
      This cors.

    • setExposedHeaders

      public Cors setExposedHeaders(List<String> exposedHeaders)
      Set the list of exposed headers.
      Parameters:
      exposedHeaders - Headers to expose.
      Returns:
      This cors.

    • getMaxAge

      public Duration getMaxAge()
      Returns:
      Preflight max age. How many seconds a client can cache a preflight request.

    • setMaxAge

      public Cors setMaxAge(Duration preflightMaxAge)
      Set the preflight max age header. That's how many seconds a client can cache a preflight request.
      Parameters:
      preflightMaxAge - Number of seconds or -1 to turn this off.
      Returns:
      This cors.

    • from

      @NonNull public static Cors from(@NonNull com.typesafe.config.Config conf)
      Get cors options from application configuration file. 
      
 cors {
   origin: *
   methods: [GET, POST]
   headers: [Custom-Header]
   maxAge: 30m
   exposesHeaders: [Header]
 }
      Parameters:
      conf - Configuration.
      Returns:
      Cors options.