CorsFilter (Restlet Engine 2.4.4 - Java Standard Edition)

java.lang.Object
- org.restlet.Restlet
- - org.restlet.routing.Filter
  - - org.restlet.engine.application.CorsFilter

All Implemented Interfaces:: Uniform

public class CorsFilter
extends Filter

Filter that helps support CORS requests. This filter lets the target resources specify the allowed methods. Example:

 Router router = new Router(getContext());
 
 CorsFilter corsFilter = new CorsFilter(getContext(), router);
 corsFilter.setAllowedOrigins(new HashSet(Arrays.asList("http://server.com")));
 corsFilter.setAllowedCredentials(true);

Author:: Manuel Boillod

Field Summary

Fields
Modifier and Type	Field and Description
`boolean`	`allowAllRequestedHeaders` If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header.

Fields inherited from class org.restlet.routing.Filter
CONTINUE, SKIP, STOP

Constructor Summary

Constructors
Constructor and Description

CorsFilter()
Constructor.

CorsFilter(Context context)
Constructor.

CorsFilter(Context context, Restlet next)
Constructor.

Constructors
Constructor and Description
`CorsFilter()` Constructor.
`CorsFilter(Context context)` Constructor.
`CorsFilter(Context context, Restlet next)` Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected void`	`afterHandle(Request request, Response response)` Add CORS headers to response
`protected int`	`beforeHandle(Request request, Response response)` Skip the call to the server resource if the `skippingResourceForCorsOptions` is true and if the current request use the OPTIONS method and is a CORS request.
`java.util.Set<java.lang.String>`	`getAllowedHeaders()` Returns the modifiable set of headers allowed by the actual request on the current resource.
`java.util.Set<java.lang.String>`	`getAllowedOrigins()` Returns the URI an origin server allows for the requested resource.
`protected CorsResponseHelper`	`getCorsResponseHelper()` Returns a lazy-initialized instance of `CorsResponseHelper`.
`java.util.Set<Method>`	`getDefaultAllowedMethods()` Returns the list of methods allowed by default, used when `skippingResourceForCorsOptions` is turned on.
`java.util.Set<java.lang.String>`	`getExposedHeaders()` Returns a modifiable whitelist of headers an origin server allows for the requested resource.
`int`	`getMaxAge()` Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
`boolean`	`isAllowAllRequestedHeaders()` If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header.
`boolean`	`isAllowedCredentials()` If true, adds 'Access-Control-Allow-Credentials' header.
`boolean`	`isSkippingResourceForCorsOptions()` If true, the filter does not call the server resource for OPTIONS method of CORS request and set Access-Control-Allow-Methods header with `defaultAllowedMethods`.
`CorsFilter`	`setAllowedCredentials(boolean allowedCredentials)` If true, adds 'Access-Control-Allow-Credentials' header.
`CorsFilter`	`setAllowedHeaders(java.util.Set<java.lang.String> allowedHeaders)` Sets the value of the 'Access-Control-Allow-Headers' response header.
`CorsFilter`	`setAllowedOrigins(java.util.Set<java.lang.String> allowedOrigins)` Sets the value of 'Access-Control-Allow-Origin' header.
`CorsFilter`	`setAllowingAllRequestedHeaders(boolean allowingAllRequestedHeaders)` If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header.
`CorsFilter`	`setDefaultAllowedMethods(java.util.Set<Method> defaultAllowedMethods)` Sets the list of methods allowed by default, used when `skippingResourceForCorsOptions` is turned on.
`CorsFilter`	`setExposedHeaders(java.util.Set<java.lang.String> exposedHeaders)` Sets the value of 'Access-Control-Expose-Headers' response header.
`CorsFilter`	`setMaxAge(int maxAge)` Sets the value of 'Access-Control-Max-Age' response header.
`CorsFilter`	`setSkippingResourceForCorsOptions(boolean skipResourceForCorsOptions)` Sets the value of skipResourceForCorsOptions field.

Methods inherited from class org.restlet.routing.Filter
doHandle, getNext, handle, hasNext, setNext, setNext, start, stop

Methods inherited from class org.restlet.Restlet
createFinder, finalize, getApplication, getAuthor, getContext, getDescription, getFinderClass, getLogger, getName, getOwner, handle, handle, handle, isStarted, isStopped, setAuthor, setContext, setDescription, setFinderClass, setName, setOwner

Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - allowAllRequestedHeaders
```
public boolean allowAllRequestedHeaders
```
    If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders. Default is true.
- Constructor Detail
  - CorsFilter
```
public CorsFilter()
```
    Constructor.
  - CorsFilter
```
public CorsFilter(Context context)
```
    Constructor.
    
    Parameters:
    
    context - The context.
  - CorsFilter
```
public CorsFilter(Context context,
                  Restlet next)
```
    Constructor.
    
    Parameters:
    
    context - The context.
    
    next - The next Restlet.
- Method Detail
  - afterHandle
```
protected void afterHandle(Request request,
                           Response response)
```
    Add CORS headers to response
    
    Overrides:
    
    afterHandle in class Filter
    
    Parameters:
    
    request - The request to handle.
    
    response - The response
  - beforeHandle
```
protected int beforeHandle(Request request,
                           Response response)
```
    Skip the call to the server resource if the skippingResourceForCorsOptions is true and if the current request use the OPTIONS method and is a CORS request.
    
    Overrides:
    
    beforeHandle in class Filter
    
    Parameters:
    
    request - The request to handle.
    
    response - The response to update.
    
    Returns:
    
    The continuation status. Either Filter.CONTINUE or Filter.SKIP or Filter.STOP.
  - getAllowedHeaders
```
public java.util.Set<java.lang.String> getAllowedHeaders()
```
    Returns the modifiable set of headers allowed by the actual request on the current resource.
    Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header.
    
    Returns:
    
    The set of headers allowed by the actual request on the current resource.
  - getAllowedOrigins
```
public java.util.Set<java.lang.String> getAllowedOrigins()
```
    Returns the URI an origin server allows for the requested resource. Use "*" as a wildcard character.
    Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Origin" header.
    
    Returns:
    
    The origin allowed by the requested resource.
  - getCorsResponseHelper
```
protected CorsResponseHelper getCorsResponseHelper()
```
    Returns a lazy-initialized instance of CorsResponseHelper.
  - getDefaultAllowedMethods
```
public java.util.Set<Method> getDefaultAllowedMethods()
```
    Returns the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
    
    Returns:
    
    The list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
  - getExposedHeaders
```
public java.util.Set<java.lang.String> getExposedHeaders()
```
    Returns a modifiable whitelist of headers an origin server allows for the requested resource.
    Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header.
    
    Returns:
    
    The set of headers an origin server allows for the requested resource.
  - getMaxAge
```
public int getMaxAge()
```
    Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
    In case of a negative value, the results of a preflight request is not meant to be cached.
    Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header.
    
    Returns:
    
    Indicates how long the results of a preflight request can be cached in a preflight result cache.
  - isAllowAllRequestedHeaders
```
public boolean isAllowAllRequestedHeaders()
```
    If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.
  - isAllowedCredentials
```
public boolean isAllowedCredentials()
```
    If true, adds 'Access-Control-Allow-Credentials' header.
    
    Returns:
    
    True, if the 'Access-Control-Allow-Credentials' header will be added.
  - isSkippingResourceForCorsOptions
```
public boolean isSkippingResourceForCorsOptions()
```
    If true, the filter does not call the server resource for OPTIONS method of CORS request and set Access-Control-Allow-Methods header with defaultAllowedMethods. Default is false.
    
    Returns:
    
    True if the filter does not call the server resource for OPTIONS method of CORS request.
  - setAllowedCredentials
```
public CorsFilter setAllowedCredentials(boolean allowedCredentials)
```
    If true, adds 'Access-Control-Allow-Credentials' header.
    
    Parameters:
    
    allowedCredentials - True to add the 'Access-Control-Allow-Credentials' header.
    
    Returns:
    
    Itself for chaining methods calls.
  - setAllowedHeaders
```
public CorsFilter setAllowedHeaders(java.util.Set<java.lang.String> allowedHeaders)
```
    Sets the value of the 'Access-Control-Allow-Headers' response header. Used only if allowAllRequestedHeaders is false.
    
    Parameters:
    
    allowedHeaders - The value of 'Access-Control-Allow-Headers' response header.
    
    Returns:
    
    Itself for chaining methods calls.
  - setAllowedOrigins
```
public CorsFilter setAllowedOrigins(java.util.Set<java.lang.String> allowedOrigins)
```
    Sets the value of 'Access-Control-Allow-Origin' header.
    
    Parameters:
    
    allowedOrigins - The value of 'Access-Control-Allow-Origin' header.
    
    Returns:
    
    Itself for chaining methods calls.
  - setAllowingAllRequestedHeaders
```
public CorsFilter setAllowingAllRequestedHeaders(boolean allowingAllRequestedHeaders)
```
    If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.
    
    Parameters:
    
    allowingAllRequestedHeaders - True to copy the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.
    
    Returns:
    
    Itself for chaining methods calls.
  - setDefaultAllowedMethods
```
public CorsFilter setDefaultAllowedMethods(java.util.Set<Method> defaultAllowedMethods)
```
    Sets the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
    
    Parameters:
    
    defaultAllowedMethods - The list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
  - setExposedHeaders
```
public CorsFilter setExposedHeaders(java.util.Set<java.lang.String> exposedHeaders)
```
    Sets the value of 'Access-Control-Expose-Headers' response header.
    
    Parameters:
    
    exposedHeaders - The value of 'Access-Control-Expose-Headers' response header.
    
    Returns:
    
    Itself for chaining methods calls.
  - setMaxAge
```
public CorsFilter setMaxAge(int maxAge)
```
    Sets the value of 'Access-Control-Max-Age' response header.
    In case of negative value, the header is not set.
    
    Parameters:
    
    maxAge - The value of 'Access-Control-Max-Age' response header.
  - setSkippingResourceForCorsOptions
```
public CorsFilter setSkippingResourceForCorsOptions(boolean skipResourceForCorsOptions)
```
    Sets the value of skipResourceForCorsOptions field.
    
    Parameters:
    
    skipResourceForCorsOptions - True if the filter does not call the server resource for OPTIONS method of CORS request.
    
    Returns:
    
    Itself for chaining methods calls.

Class CorsFilter

Field Summary

Fields inherited from class org.restlet.routing.Filter

Constructor Summary

Method Summary

Methods inherited from class org.restlet.routing.Filter

Methods inherited from class org.restlet.Restlet

Methods inherited from class java.lang.Object

Field Detail

allowAllRequestedHeaders

Constructor Detail

CorsFilter

CorsFilter

CorsFilter

Method Detail

afterHandle

beforeHandle

getAllowedHeaders

getAllowedOrigins

getCorsResponseHelper

getDefaultAllowedMethods

getExposedHeaders

getMaxAge

isAllowAllRequestedHeaders

isAllowedCredentials

isSkippingResourceForCorsOptions

setAllowedCredentials

setAllowedHeaders

setAllowedOrigins

setAllowingAllRequestedHeaders

setDefaultAllowedMethods

setExposedHeaders

setMaxAge

setSkippingResourceForCorsOptions