public class CorsFilter extends Filter
Router router = new Router(getContext()); CorsFilter corsFilter = new CorsFilter(getContext(), router); corsFilter.setAllowedOrigins(new HashSet(Arrays.asList("http://server.com"))); corsFilter.setAllowedCredentials(true);
Modifier and Type | Field and Description |
---|---|
boolean |
allowAllRequestedHeaders
If true, copies the value of 'Access-Control-Request-Headers' request
header into the 'Access-Control-Allow-Headers' response header.
|
Constructor and Description |
---|
CorsFilter()
Constructor.
|
CorsFilter(Context context)
Constructor.
|
CorsFilter(Context context,
Restlet next)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
protected void |
afterHandle(Request request,
Response response)
Add CORS headers to response
|
protected int |
beforeHandle(Request request,
Response response)
Skip the call to the server resource if the
skippingResourceForCorsOptions is true and if the current
request use the OPTIONS method and is a CORS request. |
java.util.Set<java.lang.String> |
getAllowedHeaders()
Returns the modifiable set of headers allowed by the actual request on
the current resource.
Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header. |
java.util.Set<java.lang.String> |
getAllowedOrigins()
Returns the URI an origin server allows for the requested resource.
|
protected CorsResponseHelper |
getCorsResponseHelper()
Returns a lazy-initialized instance of
CorsResponseHelper . |
java.util.Set<Method> |
getDefaultAllowedMethods()
Returns the list of methods allowed by default, used when
skippingResourceForCorsOptions is turned on. |
java.util.Set<java.lang.String> |
getExposedHeaders()
Returns a modifiable whitelist of headers an origin server allows for the
requested resource.
Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header. |
int |
getMaxAge()
Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
In case of a negative value, the results of a preflight request is not meant to be cached. Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header. |
boolean |
isAllowAllRequestedHeaders()
If true, indicates that the value of 'Access-Control-Request-Headers'
request header will be copied into the 'Access-Control-Allow-Headers'
response header.
|
boolean |
isAllowedCredentials()
If true, adds 'Access-Control-Allow-Credentials' header.
|
boolean |
isSkippingResourceForCorsOptions()
If true, the filter does not call the server resource for OPTIONS method
of CORS request and set Access-Control-Allow-Methods header with
defaultAllowedMethods . |
CorsFilter |
setAllowedCredentials(boolean allowedCredentials)
If true, adds 'Access-Control-Allow-Credentials' header.
|
CorsFilter |
setAllowedHeaders(java.util.Set<java.lang.String> allowedHeaders)
Sets the value of the 'Access-Control-Allow-Headers' response header.
|
CorsFilter |
setAllowedOrigins(java.util.Set<java.lang.String> allowedOrigins)
Sets the value of 'Access-Control-Allow-Origin' header.
|
CorsFilter |
setAllowingAllRequestedHeaders(boolean allowingAllRequestedHeaders)
If true, copies the value of 'Access-Control-Request-Headers' request
header into the 'Access-Control-Allow-Headers' response header.
|
CorsFilter |
setDefaultAllowedMethods(java.util.Set<Method> defaultAllowedMethods)
Sets the list of methods allowed by default, used when
skippingResourceForCorsOptions is turned on. |
CorsFilter |
setExposedHeaders(java.util.Set<java.lang.String> exposedHeaders)
Sets the value of 'Access-Control-Expose-Headers' response header.
|
CorsFilter |
setMaxAge(int maxAge)
Sets the value of 'Access-Control-Max-Age' response header.
In case of negative value, the header is not set. |
CorsFilter |
setSkippingResourceForCorsOptions(boolean skipResourceForCorsOptions)
Sets the value of skipResourceForCorsOptions field.
|
doHandle, getNext, handle, hasNext, setNext, setNext, start, stop
createFinder, finalize, getApplication, getAuthor, getContext, getDescription, getFinderClass, getLogger, getName, getOwner, handle, handle, handle, isStarted, isStopped, setAuthor, setContext, setDescription, setFinderClass, setName, setOwner
public boolean allowAllRequestedHeaders
allowedHeaders
. Default is true.public CorsFilter()
public CorsFilter(Context context)
context
- The context.protected void afterHandle(Request request, Response response)
afterHandle
in class Filter
request
- The request to handle.response
- The responseprotected int beforeHandle(Request request, Response response)
skippingResourceForCorsOptions
is true and if the current
request use the OPTIONS method and is a CORS request.beforeHandle
in class Filter
request
- The request to handle.response
- The response to update.Filter.CONTINUE
or
Filter.SKIP
or Filter.STOP
.public java.util.Set<java.lang.String> getAllowedHeaders()
public java.util.Set<java.lang.String> getAllowedOrigins()
protected CorsResponseHelper getCorsResponseHelper()
CorsResponseHelper
.public java.util.Set<Method> getDefaultAllowedMethods()
skippingResourceForCorsOptions
is turned on.skippingResourceForCorsOptions
is turned on.public java.util.Set<java.lang.String> getExposedHeaders()
public int getMaxAge()
public boolean isAllowAllRequestedHeaders()
allowedHeaders
.public boolean isAllowedCredentials()
public boolean isSkippingResourceForCorsOptions()
defaultAllowedMethods
. Default is
false.public CorsFilter setAllowedCredentials(boolean allowedCredentials)
allowedCredentials
- True to add the 'Access-Control-Allow-Credentials' header.public CorsFilter setAllowedHeaders(java.util.Set<java.lang.String> allowedHeaders)
allowAllRequestedHeaders
is false.allowedHeaders
- The value of 'Access-Control-Allow-Headers' response header.public CorsFilter setAllowedOrigins(java.util.Set<java.lang.String> allowedOrigins)
allowedOrigins
- The value of 'Access-Control-Allow-Origin' header.public CorsFilter setAllowingAllRequestedHeaders(boolean allowingAllRequestedHeaders)
allowedHeaders
.allowingAllRequestedHeaders
- True to copy the value of 'Access-Control-Request-Headers'
request header into the 'Access-Control-Allow-Headers'
response header. If false, use allowedHeaders
.public CorsFilter setDefaultAllowedMethods(java.util.Set<Method> defaultAllowedMethods)
skippingResourceForCorsOptions
is turned on.defaultAllowedMethods
- The list of methods allowed by default, used when skippingResourceForCorsOptions
is turned
on.public CorsFilter setExposedHeaders(java.util.Set<java.lang.String> exposedHeaders)
exposedHeaders
- The value of 'Access-Control-Expose-Headers' response header.public CorsFilter setMaxAge(int maxAge)
maxAge
- The value of 'Access-Control-Max-Age' response header.public CorsFilter setSkippingResourceForCorsOptions(boolean skipResourceForCorsOptions)
skipResourceForCorsOptions
- True if the filter does not call the server resource for
OPTIONS method of CORS request.Copyright © 2005-2020 Restlet.