Package org.forgerock.http.filter.cors
Class CorsPolicy
java.lang.Object
org.forgerock.http.filter.cors.CorsPolicy
The CORS policy is responsible to handle both actual and preflight CORS requests
and set the appropriate set of response headers based on its own configuration.
Implementation Notes:
- Allowed methods: This class just echoes back values read from "Access-Control-Request-Method" if the method is accepted. Otherwise "Access-Control-Allow-Methods" response header is omitted.
- Allowed headers: This class just echos back the values read from "Access-Control-Request-Headers" if all requested headers are accepted. Otherwise "Access-Control-Allow-Headers" response header is omitted.
-
Nested Class Summary
-
Method Summary
Modifier and TypeMethodDescriptionboolean
acceptOrigin
(String origin) Returnstrue
if this policy is applicable for the givenorigin
.static CorsPolicy.Builder
builder()
Returns a newCorsPolicy
builder.void
handleActual
(Response response, String origin) Handles the response of an actual CORS request.handlePreflight
(Request request, String origin) Produces the response for a CORS preflight request.
-
Method Details
-
acceptOrigin
Returnstrue
if this policy is applicable for the givenorigin
.- Parameters:
origin
- origin to be tested- Returns:
true
if this policy is applicable for the givenorigin
.
-
handleActual
Handles the response of an actual CORS request.It sets the following headers (if appropriate):
- "Access-Control-Allow-Origin"
- "Access-Control-Allow-Credentials"
- "Access-Control-Expose-Headers"
- "Vary"
- Parameters:
response
- response from the actual requestorigin
- request's origin
-
handlePreflight
Produces the response for a CORS preflight request.It returns a 204 No Content and sets the following headers (if appropriate):
- "Access-Control-Allow-Origin"
- "Access-Control-Allow-Credentials"
- "Access-Control-Max-Age"
- "Access-Control-Allow-Methods"
- "Access-Control-Allow-Headers"
- "Vary"
- Parameters:
request
- preflight requestorigin
- request's origin- Returns:
- the preflight response
-
builder
Returns a newCorsPolicy
builder.- Returns:
- a new
CorsPolicy
builder.
-