Package org.restlet.engine.application

Class CorsResponseHelper

  • public class CorsResponseHelper
extends java.lang.Object
    Helps to generate response CORS headers.
    The CORS specification defines a subset of methods qualified as simple HEAD, GET and POST. Any other methods should send a preflight request with the method OPTIONS.
    Author:
    Manuel Boillod
    See Also:
    W3C CORS Specification, Simple methods

    • Field Summary

      Fields 
      Modifier and Type Field Description
      boolean allowAllRequestedHeaders
      If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header.
      boolean allowedCredentials
      If true, add 'Access-Control-Allow-Credentials' header.
      java.util.Set<java.lang.String> allowedHeaders
      The value of 'Access-Control-Allow-Headers' response header.
      java.util.Set<java.lang.String> allowedOrigins
      The value of 'Access-Control-Allow-Origin' header.
      java.util.Set<java.lang.String> exposedHeaders
      The value of 'Access-Control-Expose-Headers' response header.
      int maxAge
      The value of 'Access-Control-Max-Age' response header.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void addCorsResponseHeaders​(org.restlet.Request request, org.restlet.Response response)
      Adds CORS headers to the given response.
      java.util.Set<java.lang.String> getAllowedHeaders()
      Returns the modifiable set of headers allowed by the actual request on the current resource.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header.
      java.util.Set<java.lang.String> getAllowedOrigins()
      Returns the URI an origin server allows for the requested resource.
      java.util.Set<java.lang.String> getExposedHeaders()
      Returns a modifiable whitelist of headers an origin server allows for the requested resource.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header.
      int getMaxAge()
      Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
      In case of a negative value, the results of a preflight request is not meant to be cached.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header.
      boolean isAllowAllRequestedHeaders()
      If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header.
      boolean isAllowedCredentials()
      If true, adds 'Access-Control-Allow-Credentials' header.
      boolean isCorsRequest​(org.restlet.Request request)
      Returns true if the request is a CORS request.
      void setAllowAllRequestedHeaders​(boolean allowAllRequestedHeaders)
      If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header.
      void setAllowedCredentials​(boolean allowedCredentials)
      If true, adds 'Access-Control-Allow-Credentials' header.
      void setAllowedHeaders​(java.util.Set<java.lang.String> allowedHeaders)
      Sets the value of the 'Access-Control-Allow-Headers' response header.
      void setAllowedOrigins​(java.util.Set<java.lang.String> allowedOrigins)
      Sets the value of 'Access-Control-Allow-Origin' header.
      void setExposedHeaders​(java.util.Set<java.lang.String> exposedHeaders)
      Sets the value of 'Access-Control-Expose-Headers' response header.
      void setMaxAge​(int maxAge)
      Sets the value of 'Access-Control-Max-Age' response header.
      In case of negative value, the header is not set.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • allowAllRequestedHeaders

        public boolean allowAllRequestedHeaders
        If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders. Default is true.

      • allowedCredentials

        public boolean allowedCredentials
        If true, add 'Access-Control-Allow-Credentials' header. Default is false.

      • allowedHeaders

        public java.util.Set<java.lang.String> allowedHeaders
        The value of 'Access-Control-Allow-Headers' response header. Used only if allowAllRequestedHeaders is false.

      • allowedOrigins

        public java.util.Set<java.lang.String> allowedOrigins
        The value of 'Access-Control-Allow-Origin' header. Default is '*'.

      • exposedHeaders

        public java.util.Set<java.lang.String> exposedHeaders
        The value of 'Access-Control-Expose-Headers' response header.

      • maxAge

        public int maxAge
        The value of 'Access-Control-Max-Age' response header. Default is that the header is not set.

    • Constructor Detail

      • CorsResponseHelper

        public CorsResponseHelper()

    • Method Detail

      • addCorsResponseHeaders

        public void addCorsResponseHeaders​(org.restlet.Request request,
                                   org.restlet.Response response)
        Adds CORS headers to the given response.
        Parameters:
        request - The current request.
        response - The response.

      • getAllowedHeaders

        public java.util.Set<java.lang.String> getAllowedHeaders()
        Returns the modifiable set of headers allowed by the actual request on the current resource.
        Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header.
        Returns:
        The set of headers allowed by the actual request on the current resource.

      • getAllowedOrigins

        public java.util.Set<java.lang.String> getAllowedOrigins()
        Returns the URI an origin server allows for the requested resource. Use "*" as a wildcard character.
        Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Origin" header.
        Returns:
        The origin allowed by the requested resource.

      • getExposedHeaders

        public java.util.Set<java.lang.String> getExposedHeaders()
        Returns a modifiable whitelist of headers an origin server allows for the requested resource.
        Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header.
        Returns:
        The set of headers an origin server allows for the requested resource.

      • getMaxAge

        public int getMaxAge()
        Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
        In case of a negative value, the results of a preflight request is not meant to be cached.
        Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header.
        Returns:
        Indicates how long the results of a preflight request can be cached in a preflight result cache.

      • isAllowAllRequestedHeaders

        public boolean isAllowAllRequestedHeaders()
        If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.

      • isAllowedCredentials

        public boolean isAllowedCredentials()
        If true, adds 'Access-Control-Allow-Credentials' header.
        Returns:
        True, if the 'Access-Control-Allow-Credentials' header will be added.

      • isCorsRequest

        public boolean isCorsRequest​(org.restlet.Request request)
        Returns true if the request is a CORS request.
        Parameters:
        request - The current request.
        Returns:
        true if the request is a CORS request.

      • setAllowAllRequestedHeaders

        public void setAllowAllRequestedHeaders​(boolean allowAllRequestedHeaders)
        If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.
        Parameters:
        allowAllRequestedHeaders - True to copy the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.

      • setAllowedCredentials

        public void setAllowedCredentials​(boolean allowedCredentials)
        If true, adds 'Access-Control-Allow-Credentials' header.
        Parameters:
        allowedCredentials - True to add the 'Access-Control-Allow-Credentials' header.

      • setAllowedHeaders

        public void setAllowedHeaders​(java.util.Set<java.lang.String> allowedHeaders)
        Sets the value of the 'Access-Control-Allow-Headers' response header. Used only if allowAllRequestedHeaders is false.
        Parameters:
        allowedHeaders - The value of 'Access-Control-Allow-Headers' response header.

      • setAllowedOrigins

        public void setAllowedOrigins​(java.util.Set<java.lang.String> allowedOrigins)
        Sets the value of 'Access-Control-Allow-Origin' header.
        Parameters:
        allowedOrigins - The value of 'Access-Control-Allow-Origin' header.

      • setExposedHeaders

        public void setExposedHeaders​(java.util.Set<java.lang.String> exposedHeaders)
        Sets the value of 'Access-Control-Expose-Headers' response header.
        Parameters:
        exposedHeaders - The value of 'Access-Control-Expose-Headers' response header.

      • setMaxAge

        public void setMaxAge​(int maxAge)
        Sets the value of 'Access-Control-Max-Age' response header.
        In case of negative value, the header is not set.
        Parameters:
        maxAge - The value of 'Access-Control-Max-Age' response header.