Package org.forgerock.http.filter.cors
Class CorsPolicy
- java.lang.Object
  - org.forgerock.http.filter.cors.CorsPolicy

public final class CorsPolicy extends Object
The CORS policy is responsible for handling both actual and preflight CORS requests and for setting the appropriate response headers based on its own configuration.

Implementation Notes:
- Allowed methods: This class just echoes back the value read from "Access-Control-Request-Method" if the method is accepted. Otherwise the "Access-Control-Allow-Methods" response header is omitted.
- Allowed headers: This class just echoes back the values read from "Access-Control-Request-Headers" if all requested headers are accepted. Otherwise the "Access-Control-Allow-Headers" response header is omitted.
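
The echo behaviour in the implementation notes, modelled as an added stand-alone example (not ForgeRock's code, and it does not call CorsPolicy). The class name `EchoPreflightModel`, the accepted method and header sets, and the case-insensitive comparison of header names are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Stand-alone model of the echo behaviour in the implementation notes.
// It does not call CorsPolicy; the allow-lists below are constructed sample values.
public class EchoPreflightModel {
    static final Set<String> ACCEPTED_METHODS = Set.of("GET", "POST");
    // Stored lower-case: HTTP header names are case-insensitive (comparison rule assumed here).
    static final Set<String> ACCEPTED_HEADERS = Set.of("content-type", "x-requested-with");

    /** Returns the method/header response headers for a preflight carrying the two request headers. */
    static Map<String, String> preflightHeaders(String requestMethod, String requestHeaders) {
        Map<String, String> out = new LinkedHashMap<>();
        // Echo only the single requested method; the full accepted set is not listed.
        if (requestMethod != null && ACCEPTED_METHODS.contains(requestMethod)) {
            out.put("Access-Control-Allow-Methods", requestMethod);
        }
        // Echo the requested header list only if every entry is accepted.
        if (requestHeaders != null && !requestHeaders.isBlank()) {
            boolean allAccepted = true;
            for (String name : requestHeaders.split(",")) {
                if (!ACCEPTED_HEADERS.contains(name.trim().toLowerCase(Locale.ROOT))) {
                    allAccepted = false;
                    break;
                }
            }
            if (allAccepted) {
                out.put("Access-Control-Allow-Headers", requestHeaders);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed preflight inputs: (Access-Control-Request-Method, Access-Control-Request-Headers)
        List<String[]> samples = List.of(
            new String[] {"POST", "Content-Type"},
            new String[] {"DELETE", "Content-Type"},
            new String[] {"POST", "Content-Type, X-Debug"});
        for (String[] s : samples) {
            System.out.println(s[0] + " / " + s[1] + " -> " + preflightHeaders(s[0], s[1]));
        }
    }
}
```

In the third sample a single unaccepted header name removes the whole "Access-Control-Allow-Headers" header, so the browser fails the preflight; in no case does the response list the full accepted set.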

Nested Class Summary
- static class CorsPolicy.Builder: Builder for CorsPolicy instances.

Method Summary
- boolean acceptOrigin(String origin): Returns true if this policy is applicable for the given origin.
- static CorsPolicy.Builder builder(): Returns a new CorsPolicy builder.
- void handleActual(Response response, String origin): Handles the response of an actual CORS request.
- Response handlePreflight(Request request, String origin): Produces the response for a CORS preflight request.

Method Detail

acceptOrigin
public boolean acceptOrigin(String origin)
Returns true if this policy is applicable for the given origin.
- Parameters:
  - origin - origin to be tested
- Returns:
  - true if this policy is applicable for the given origin.

handleActual
public void handleActual(Response response, String origin)
Handles the response of an actual CORS request. It sets the following headers (if appropriate):
- "Access-Control-Allow-Origin"
- "Access-Control-Allow-Credentials"
- "Access-Control-Expose-Headers"
- "Vary"
- Parameters:
  - response - response from the actual request
  - origin - request's origin

handlePreflight
public Response handlePreflight(Request request, String origin)
Produces the response for a CORS preflight request. It returns a 204 No Content and sets the following headers (if appropriate):
- "Access-Control-Allow-Origin"
- "Access-Control-Allow-Credentials"
- "Access-Control-Max-Age"
- "Access-Control-Allow-Methods"
- "Access-Control-Allow-Headers"
- "Vary"
- Parameters:
  - request - preflight request
  - origin - request's origin
- Returns:
  - the preflight response

builder
public static CorsPolicy.Builder builder()
Returns a new CorsPolicy builder.
- Returns:
  - a new CorsPolicy builder.