Class CorsPolicy

java.lang.Object
org.forgerock.http.filter.cors.CorsPolicy

public final class CorsPolicy extends Object
The CORS policy handles both actual and preflight CORS requests and sets the appropriate response headers based on its own configuration.

Implementation Notes:

  • Allowed methods: This class just echoes back the value read from "Access-Control-Request-Method" if the method is accepted. Otherwise, the "Access-Control-Allow-Methods" response header is omitted.
  • Allowed headers: This class just echoes back the values read from "Access-Control-Request-Headers" if all requested headers are accepted. Otherwise, the "Access-Control-Allow-Headers" response header is omitted.

Method Details

    • acceptOrigin

      public boolean acceptOrigin(String origin)
      Returns true if this policy is applicable for the given origin.
      Parameters:
      origin - origin to be tested
      Returns:
      true if this policy is applicable for the given origin.
    • handleActual

      public void handleActual(Response response, String origin)
      Handles the response of an actual CORS request.

      It sets the following headers (if appropriate):

      • "Access-Control-Allow-Origin"
      • "Access-Control-Allow-Credentials"
      • "Access-Control-Expose-Headers"
      • "Vary"
      Parameters:
      response - response from the actual request
      origin - request's origin
    • handlePreflight

      public Response handlePreflight(Request request, String origin)
      Produces the response for a CORS preflight request.

      It returns a 204 No Content response and sets the following headers (if appropriate):

      • "Access-Control-Allow-Origin"
      • "Access-Control-Allow-Credentials"
      • "Access-Control-Max-Age"
      • "Access-Control-Allow-Methods"
      • "Access-Control-Allow-Headers"
      • "Vary"
      Parameters:
      request - preflight request
      origin - request's origin
      Returns:
      the preflight response
    • builder

      public static CorsPolicy.Builder builder()
      Returns a new CorsPolicy builder.
      Returns:
      a new CorsPolicy builder.
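
The echo-or-omit behaviour described in the Implementation Notes and under handlePreflight, modelled as an added example that is not the ForgeRock implementation or code from this page. The class name PreflightEchoModel, the sample origins, methods and headers, the `Vary: Origin` value and the case-insensitive header-name comparison are assumptions.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Hypothetical stand-alone model of the documented behaviour;
// it does not use or reproduce the org.forgerock.http classes.
public class PreflightEchoModel {
    // Constructed sample policy values (assumptions, not from the page).
    static final Set<String> ORIGINS = Set.of("https://app.example.com");
    static final Set<String> METHODS = Set.of("GET", "POST");
    static final Set<String> HEADERS = Set.of("content-type", "x-request-id");

    /** Headers of the modelled 204 preflight response; empty if the origin is not accepted. */
    static Map<String, String> preflight(String origin, String reqMethod, String reqHeaders) {
        Map<String, String> out = new LinkedHashMap<>();
        if (origin == null || !ORIGINS.contains(origin)) {
            return out; // policy not applicable: no CORS headers at all
        }
        out.put("Access-Control-Allow-Origin", origin);
        out.put("Vary", "Origin"); // assumed value: the answer depends on the request origin
        // Allowed methods: echo the requested method if accepted, otherwise omit the header.
        if (reqMethod != null && METHODS.contains(reqMethod)) {
            out.put("Access-Control-Allow-Methods", reqMethod);
        }
        // Allowed headers: echo the request value only if every listed header is accepted.
        if (reqHeaders != null) {
            boolean allAccepted = Arrays.stream(reqHeaders.split(","))
                    .map(h -> h.trim().toLowerCase(Locale.ROOT))
                    .allMatch(HEADERS::contains);
            if (allAccepted) {
                out.put("Access-Control-Allow-Headers", reqHeaders);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        String ok = "https://app.example.com";
        System.out.println(preflight(ok, "POST", "Content-Type, X-Request-Id")); // both echoed
        System.out.println(preflight(ok, "DELETE", "Content-Type"));  // Allow-Methods omitted
        System.out.println(preflight(ok, "POST", "Content-Type, X-Debug")); // Allow-Headers omitted
        System.out.println(preflight("https://other.example", "POST", "Content-Type")); // no headers
    }
}
```

In the second and third calls the header is omitted rather than narrowed to the accepted subset, so a browser receiving that response fails the preflight and never sends the actual request.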