Class CORSConfigBuilder
- java.lang.Object
-
- io.muserver.rest.CORSConfigBuilder
-
public class CORSConfigBuilder extends java.lang.Object
A builder to set configuration for CORS requests.
-
-
Constructor Summary
Constructors Constructor Description CORSConfigBuilder()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description CORSConfig
build()
Builds CORS configuration from a builderstatic CORSConfigBuilder
corsConfig()
Creates a builder to set CORS configuration.static CORSConfigBuilder
disabled()
Creates CORS configuration that disables all CORS requests.CORSHandlerBuilder
toHandler(Method... allowedMethods)
Creates a CORS handler from this config.CORSConfigBuilder
withAllOriginsAllowed()
All origins will be allowedCORSConfigBuilder
withAllowCredentials(boolean allowCredentials)
If set to true, thenaccess-control-allow-credentials
is returned withtrue
on CORS responses.CORSConfigBuilder
withAllowedHeaders(java.lang.String... headerNames)
On preflight OPTIONS requests, specifies which headers are allowed to be sent on the request, aside from the "simple" headers.CORSConfigBuilder
withAllowedHeaders(java.util.Collection<java.lang.String> headerNames)
On preflight OPTIONS requests, specifies which headers are allowed to be sent on the request, aside from the "simple" headers.CORSConfigBuilder
withAllowedOriginRegex(java.lang.String allowedOriginRegex)
The origin values that CORS requests are allowed for.CORSConfigBuilder
withAllowedOriginRegex(java.util.regex.Pattern allowedOriginRegex)
The origin values that CORS requests are allowed for.CORSConfigBuilder
withAllowedOrigins(java.lang.String... allowedOrigins)
The origin values that CORS requests are allowed for.CORSConfigBuilder
withAllowedOrigins(java.util.Collection<java.lang.String> allowedOrigins)
The origin values that CORS requests are allowed for, or null to allow all origins.CORSConfigBuilder
withExposedHeaders(java.lang.String... headerNames)
Specifies which headers (aside from "simple" headers) are allowed to be accessed by JavaScript in responses.CORSConfigBuilder
withExposedHeaders(java.util.Collection<java.lang.String> headerNames)
Specifies which headers (aside from "simple" headers) are allowed to be accessed by JavaScript in responses.CORSConfigBuilder
withLocalhostAllowed()
Adds all localhost URLs (whether http or https) as allowed origins.CORSConfigBuilder
withMaxAge(long seconds)
On preflight OPTIONS requests, specifies the time the response is valid for
-
-
-
Method Detail
-
withAllOriginsAllowed
public CORSConfigBuilder withAllOriginsAllowed()
All origins will be allowed- Returns:
- This builder
-
withAllowCredentials
public CORSConfigBuilder withAllowCredentials(boolean allowCredentials)
If set to true, thenaccess-control-allow-credentials
is returned withtrue
on CORS responses.- Parameters:
allowCredentials
- Whether or not to include the credentials header- Returns:
- This builder
-
withAllowedOrigins
public CORSConfigBuilder withAllowedOrigins(java.util.Collection<java.lang.String> allowedOrigins)
The origin values that CORS requests are allowed for, or null to allow all origins.- Parameters:
allowedOrigins
- Allowed origins, such ashttps://example.org
orhttp://localhost:8080
- Returns:
- This builder
-
withAllowedOrigins
public CORSConfigBuilder withAllowedOrigins(java.lang.String... allowedOrigins)
The origin values that CORS requests are allowed for.- Parameters:
allowedOrigins
- Allowed origins, such ashttps://example.org
orhttp://localhost:8080
- Returns:
- This builder
-
withAllowedOriginRegex
public CORSConfigBuilder withAllowedOriginRegex(java.util.regex.Pattern allowedOriginRegex)
The origin values that CORS requests are allowed for.
If called multiple times, then just one of the patterns need to match to allow the origin.
Note: this is a no-op if
null
is used.- Parameters:
allowedOriginRegex
- A regex to match, e.g.Pattern.compile("https://.*\\.example\\.org")
to allow all subdomains ofexample.org
over HTTPS.- Returns:
- This builder
-
withAllowedOriginRegex
public CORSConfigBuilder withAllowedOriginRegex(java.lang.String allowedOriginRegex)
The origin values that CORS requests are allowed for.
If called multiple times, then just one of the patterns need to match to allow the origin.
Note: this is a no-op if
null
is used.- Parameters:
allowedOriginRegex
- A regex to match, e.g."https://.*\\.example\\.org"
to allow all subdomains ofexample.org
over HTTPS.- Returns:
- This builder
- Throws:
java.util.regex.PatternSyntaxException
- If the expression's syntax is invalid
-
withLocalhostAllowed
public CORSConfigBuilder withLocalhostAllowed()
Adds all localhost URLs (whether http or https) as allowed origins.- Returns:
- This builder
-
withExposedHeaders
public CORSConfigBuilder withExposedHeaders(java.lang.String... headerNames)
Specifies which headers (aside from "simple" headers) are allowed to be accessed by JavaScript in responses.
The "simple" headers are:
Cache-Control
,Content-Language
,Content-Type
,Expires
,Last-Modified
,Pragma
(so you do not need to specify these values).- Parameters:
headerNames
- The names of headers to allow, for exampleContent-Type
- Returns:
- This builder
-
withExposedHeaders
public CORSConfigBuilder withExposedHeaders(java.util.Collection<java.lang.String> headerNames)
Specifies which headers (aside from "simple" headers) are allowed to be accessed by JavaScript in responses.
The "simple" headers are:
Cache-Control
,Content-Language
,Content-Type
,Expires
,Last-Modified
,Pragma
(so you do not need to specify these values).- Parameters:
headerNames
- The names of headers to allow, for exampleContent-Type
- Returns:
- This builder
-
withAllowedHeaders
public CORSConfigBuilder withAllowedHeaders(java.lang.String... headerNames)
On preflight OPTIONS requests, specifies which headers are allowed to be sent on the request, aside from the "simple" headers.
The "simple" headers are
Accept
,Accept-Language
,Content-Language
,Content-Type
(but only with a MIME type ofapplication/x-www-form-urlencoded
,multipart/form-data
, ortext/plain
). You do not need to specify the simple headers.- Parameters:
headerNames
- The names of headers to allow, for exampleContent-Length
- Returns:
- This builder
-
withAllowedHeaders
public CORSConfigBuilder withAllowedHeaders(java.util.Collection<java.lang.String> headerNames)
On preflight OPTIONS requests, specifies which headers are allowed to be sent on the request, aside from the "simple" headers.
The "simple" headers are
Accept
,Accept-Language
,Content-Language
,Content-Type
(but only with a MIME type ofapplication/x-www-form-urlencoded
,multipart/form-data
, ortext/plain
). You do not need to specify the simple headers.- Parameters:
headerNames
- The names of headers to allow, for exampleContent-Length
- Returns:
- This builder
-
withMaxAge
public CORSConfigBuilder withMaxAge(long seconds)
On preflight OPTIONS requests, specifies the time the response is valid for- Parameters:
seconds
- The age in seconds, for example 600 for five minutes.- Returns:
- This builder.
-
corsConfig
public static CORSConfigBuilder corsConfig()
Creates a builder to set CORS configuration. Normally at leastwithAllowedOrigins(String...)
will be called.- Returns:
- A new builder to create CORS config with
-
disabled
public static CORSConfigBuilder disabled()
Creates CORS configuration that disables all CORS requests.- Returns:
- A new builder to create CORS config with
-
toHandler
public CORSHandlerBuilder toHandler(Method... allowedMethods)
Creates a CORS handler from this config.This can be used when CORS configuration is needed outside of JAX-RS. Add the created handler to a
MuServerBuilder
before any other handlers that require CORS config.Note that if you only need CORS config for JAX-RS then instead of this method you should pass this config to
RestHandlerBuilder.withCORS(CORSConfigBuilder)
- Parameters:
allowedMethods
- The allowed methods for CORS calls- Returns:
- A handler that can be added.
-
build
public CORSConfig build()
Builds CORS configuration from a builder- Returns:
- An immutable configuration object.
-
-