unidocs
0.23.25
API
Generated with
unidocs/org.http4s/org.http4s.server/org.http4s.server.middleware/CORSPolicy

CORSPolicy

org.http4s.server.middleware.CORSPolicy
See theCORSPolicy companion object
sealed class CORSPolicy(allowOrigin: AllowOrigin, allowCredentials: AllowCredentials, exposeHeaders: ExposeHeaders, allowMethods: AllowMethods, allowHeaders: AllowHeaders, maxAge: MaxAge)

A middleware that applies the CORS protocol to any Http value. Obtain a reference to a CORSPolicy via the CORS object, which represents a default policy.

Requests with an Origin header will receive the appropriate CORS headers. More headers are available for "pre-flight" requests, those whose method is OPTIONS and has an Access-Control-Request-Method header.

Requests without the required headers, or requests that fail a CORS origin, method, or headers check are passed through to the underlying Http function, but do not receive any CORS headers in the response. The user agent will then block sharing the resource across origins according to the CORS protocol.

Attributes

Companion
object
Source
CORS.scala
Graph
Supertypes
class Object
trait Matchable
class Any

Members list

Value members

Concrete methods

def apply[F[_] : Applicative, G[_]](http: Http[F, G]): Http[F, G]

Attributes

Source
CORS.scala
def httpApp[F[_] : Applicative](httpApp: HttpApp[F]): HttpApp[F]

Attributes

Source
CORS.scala
def httpRoutes[F[_] : Monad](httpRoutes: HttpRoutes[F]): HttpRoutes[F]

Attributes

Source
CORS.scala
def impl[F[_] : Functor, G[_]](http: Http[F, G], preflightResponder: Http[F, G]): Http[F, G]

Attributes

Source
CORS.scala
def withAllowCredentials(b: Boolean): CORSPolicy

Allow credentials.

Allow credentials. Sends an Access-Control-Allow-Credentials: * on valid CORS requests if true, and omits the header if false.

For security purposes, it is an invalid per the Fetch Living Standard that defines CORS to set this to true when any origin is allowed.

Attributes

Source
CORS.scala
def withAllowHeadersAll: CORSPolicy

Allows CORS requests with any headers if credentials are not allowed.

Allows CORS requests with any headers if credentials are not allowed. If credentials are allowed, allows requests with a literal header name of *, which is almost certainly not what you mean, but per spec.

Sends an Access-Control-Allow-Headers: * header on valid CORS preflight requests.

Attributes

Source
CORS.scala
def withAllowHeadersIn(headers: Set[CIString]): CORSPolicy

Allows CORS requests whose request headers are a subset of the headers enumerated here, or are CORS-safelisted.

Allows CORS requests whose request headers are a subset of the headers enumerated here, or are CORS-safelisted.

If preflight requests send an Access-Control-Request-Headers header, its value must be a subset of those passed here.

Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

Attributes

Source
CORS.scala
def withAllowHeadersReflect: CORSPolicy

Reflects the Access-Control-Request-Headers back as Access-Control-Allow-Headers on preflight requests.

Reflects the Access-Control-Request-Headers back as Access-Control-Allow-Headers on preflight requests. This is most useful when credentials are allowed and a wildcard for Access-Control-Allow-Headers would be treated literally.

Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

Attributes

Source
CORS.scala
def withAllowHeadersStatic(headers: Set[CIString]): CORSPolicy

Returns a static value in Access-Control-Allow-Headers on preflight requests consisting of the supplied headers.

Returns a static value in Access-Control-Allow-Headers on preflight requests consisting of the supplied headers.

Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

Attributes

Source
CORS.scala
def withAllowMethodsAll: CORSPolicy

Allows CORS requests with any method if credentials are not allowed.

Allows CORS requests with any method if credentials are not allowed. If credentials are allowed, allows requests with a literal method of *, which is almost certainly not what you mean, but per spec.

Sends an Access-Control-Allow-Headers: * header on valid CORS preflight requests.

Attributes

Source
CORS.scala
def withAllowMethodsIn(methods: Set[Method]): CORSPolicy

Allows CORS requests with any of the specified methods allowed.

Allows CORS requests with any of the specified methods allowed.

Preflight requests must send a matching Access-Control-Request-Method header to receive a CORS response.

Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

Attributes

Source
CORS.scala
def withAllowOriginAll: CORSPolicy

Allow CORS requests from any origin with an Access-Control-Allow-Origin of *.

Allow CORS requests from any origin with an Access-Control-Allow-Origin of *.

Attributes

Source
CORS.scala
def withAllowOriginHeader(p: Origin => Boolean): CORSPolicy

Allow requests from any origin matching the predicate p.

Allow requests from any origin matching the predicate p. On matching requests, the request origin is reflected as the Access-Control-Allow-Origin header.

The Origin header contains some arcane settings, like multiple origins, or a null origin. withAllowOriginHost is generally more convenient.

Attributes

Source
CORS.scala
def withAllowOriginHost(p: Host => Boolean): CORSPolicy

Allow requests from any origin host matching the predicate p.

Allow requests from any origin host matching the predicate p. The origin host is the first value in the request's Origin header, if not null header, unless it is null. Examples:

- Origin: http://www.example.com => http://www.example.com - Origin: http://www.example.com, http://example.net => http://www.example.com - Origin: null => always false

A Set[Origin.Host] is often a good choice here, but a predicate is offered to support more advanced matching.

Attributes

Source
CORS.scala
def withAllowOriginHostCi(p: CIString => Boolean): CORSPolicy

Allow requests from any origin host whose case-insensitive rendering matches predicate p.

Allow requests from any origin host whose case-insensitive rendering matches predicate p. A concession to the fact that constructing org.http4s.headers.Origin.Host values is verbose.

Attributes

See also
Source
CORS.scala
def withExposeHeadersAll: CORSPolicy

Exposes all response headers to the origin.

Exposes all response headers to the origin.

Sends an Access-Control-Expose-Headers: * header on valid CORS non-preflight requests.

Attributes

Source
CORS.scala
def withExposeHeadersIn(names: Set[CIString]): CORSPolicy

Exposes specific response headers to the origin.

Exposes specific response headers to the origin. These are in addition to CORS-safelisted response headers.

Sends an Access-Control-Expose-Headers header with names as a comma-delimited string on valid CORS non-preflight requests.

Attributes

Source
CORS.scala
def withExposeHeadersNone: CORSPolicy

Exposes no response headers to the origin beyond the CORS-safelisted response headers.

Exposes no response headers to the origin beyond the CORS-safelisted response headers.

Sends an Access-Control-Expose-Headers header with names as a comma-delimited string on valid CORS non-preflight requests.

Attributes

Source
CORS.scala
def withMaxAge(duration: FiniteDuration): CORSPolicy

Sets the duration the results can be cached.

Sets the duration the results can be cached. The duration is truncated to seconds. A negative value results in a cache duration of zero.

Sends an Access-Control-Max-Age header with the duration in seconds on preflight requests.

Attributes

Source
CORS.scala
def withMaxAgeDefault: CORSPolicy

Sets the duration the results can be cached to the user agent's default.

Sets the duration the results can be cached to the user agent's default. This suppresses the Access-Control-Max-Age header.

Attributes

Source
CORS.scala
def withMaxAgeDisableCaching: CORSPolicy

Instructs the client to not cache any preflight results.

Instructs the client to not cache any preflight results.

Sends an Access-Control-Max-Age: -1 header

Attributes

Source
CORS.scala
Generated with