org.apache.pekko.http.cors.scaladsl.settings

Class CorsSettings

java.lang.Object

org.apache.pekko.http.cors.javadsl.settings.CorsSettings

org.apache.pekko.http.cors.scaladsl.settings.CorsSettings

Direct Known Subclasses:

CorsSettingsImpl

public abstract class CorsSettings
extends CorsSettings

Settings used by the CORS directives.

Public API but not intended for subclassing.

Constructor Summary

Constructors

Constructor and Description
CorsSettings()

Method Summary

Modifier and Type	Method and Description
abstract scala.collection.immutable.List<HttpHeader>	actualResponseHeaders(scala.collection.immutable.Seq<HttpOrigin> origins)
abstract boolean	allowCredentials() Indicates whether the resource supports user credentials.
abstract HttpHeaderRange	allowedHeaders() List of request headers that can be used when making an actual request.
abstract scala.collection.immutable.Seq<HttpMethod>	allowedMethods() List of methods that can be used when making an actual request.
abstract HttpOriginMatcher	allowedOrigins() List of origins that the CORS filter must allow.
abstract boolean	allowGenericHttpRequests() If true, allow generic requests (that are outside the scope of the specification) to pass through the directive.
static T	apply(org.apache.pekko.actor.ActorSystem system)
static T	apply(com.typesafe.config.Config config)
static T	apply(java.lang.String configOverrides)
static CorsSettings	defaultSettings() Deprecated. Use other CorsSettings constructors. Since 1.0.0.
abstract scala.collection.immutable.Seq<java.lang.String>	exposedHeaders() List of headers (other than simple response headers) that browsers are allowed to access.
static CorsSettings	fromSubConfig(com.typesafe.config.Config root, com.typesafe.config.Config config)
boolean	getAllowCredentials()
HttpHeaderRange	getAllowedHeaders()
java.lang.Iterable<HttpMethod>	getAllowedMethods()
HttpOriginMatcher	getAllowedOrigins()
boolean	getAllowGenericHttpRequests()
java.lang.Iterable<java.lang.String>	getExposedHeaders()
java.util.OptionalLong	getMaxAge()
abstract scala.Option<java.lang.Object>	maxAge() When set, the amount of seconds the browser is allowed to cache the results of a preflight request.
protected static java.lang.String	prefix()
abstract scala.collection.immutable.List<HttpHeader>	preflightResponseHeaders(scala.collection.immutable.Seq<HttpOrigin> origins, scala.collection.immutable.Seq<java.lang.String> requestHeaders)
CorsSettings	withAllowCredentials(boolean newValue)
CorsSettings	withAllowedHeaders(HttpHeaderRange newValue)
CorsSettings	withAllowedHeaders(HttpHeaderRange newValue)
CorsSettings	withAllowedMethods(java.lang.Iterable<HttpMethod> newValue)
CorsSettings	withAllowedMethods(scala.collection.immutable.Seq<HttpMethod> newValue)
CorsSettings	withAllowedOrigins(HttpOriginMatcher newValue)
CorsSettings	withAllowedOrigins(HttpOriginMatcher newValue)
CorsSettings	withAllowGenericHttpRequests(boolean newValue)
CorsSettings	withExposedHeaders(java.lang.Iterable<java.lang.String> newValue)
CorsSettings	withExposedHeaders(scala.collection.immutable.Seq<java.lang.String> newValue)
CorsSettings	withMaxAge(scala.Option<java.lang.Object> newValue)
CorsSettings	withMaxAge(java.util.OptionalLong newValue)

Methods inherited from class org.apache.pekko.http.cors.javadsl.settings.CorsSettings

create, create, create

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CorsSettings

public CorsSettings()

Method Detail

defaultSettings

public static CorsSettings defaultSettings()

Deprecated. Use other CorsSettings constructors. Since 1.0.0.

Settings from the default loaded configuration. Note that application code may want to use the apply() methods instead to have more control over the source of the configuration.

Returns:

(undocumented)

fromSubConfig

public static CorsSettings fromSubConfig(com.typesafe.config.Config root,
                                         com.typesafe.config.Config config)

prefix

protected static java.lang.String prefix()

apply

public static T apply(org.apache.pekko.actor.ActorSystem system)

apply

public static T apply(java.lang.String configOverrides)

apply

public static T apply(com.typesafe.config.Config config)

allowGenericHttpRequests

public abstract boolean allowGenericHttpRequests()

If true, allow generic requests (that are outside the scope of the specification) to pass through the directive. Else, strict CORS filtering is applied and any invalid request will be rejected.

Default: true

Returns:

(undocumented)

allowCredentials

public abstract boolean allowCredentials()

Indicates whether the resource supports user credentials. If true, the header Access-Control-Allow-Credentials is set in the response, indicating that the actual request can include user credentials. Examples of user credentials are: cookies, HTTP authentication or client-side certificates.

Default: true

Returns:

(undocumented)

See Also:

https://www.w3.org/TR/cors/#access-control-allow-credentials-response-header Access-Control-Allow-Credentials}

allowedOrigins

public abstract HttpOriginMatcher allowedOrigins()

List of origins that the CORS filter must allow. Can also be set to * to allow access to the resource from any origin. Controls the content of the Access-Control-Allow-Origin response header: if parameter is * and credentials are not allowed, a * is set in Access-Control-Allow-Origin. Otherwise, the origins given in the Origin request header are echoed.

Hostname starting with *. will match any sub-domain. The scheme and the port are always strictly matched.

The actual or preflight request is rejected if any of the origins from the request is not allowed.

Default: HttpOriginMatcher.*

Returns:

(undocumented)

See Also:

https://www.w3.org/TR/cors/#access-control-allow-origin-response-header Access-Control-Allow-Origin}

allowedHeaders

public abstract HttpHeaderRange allowedHeaders()

List of request headers that can be used when making an actual request. Controls the content of the Access-Control-Allow-Headers header in a preflight response: if parameter is *, the headers from Access-Control-Request-Headers are echoed. Otherwise the parameter list is returned as part of the header.

Default: HttpHeaderRange.*

Returns:

(undocumented)

See Also:

https://www.w3.org/TR/cors/#access-control-allow-headers-response-header Access-Control-Allow-Headers}

allowedMethods

public abstract scala.collection.immutable.Seq<HttpMethod> allowedMethods()

List of methods that can be used when making an actual request. The list is returned as part of the Access-Control-Allow-Methods preflight response header.

The preflight request will be rejected if the Access-Control-Request-Method header's method is not part of the list.

Default: Seq(GET, POST, HEAD, OPTIONS)

Returns:

(undocumented)

See Also:

https://www.w3.org/TR/cors/#access-control-allow-methods-response-header Access-Control-Allow-Methods}

exposedHeaders

public abstract scala.collection.immutable.Seq<java.lang.String> exposedHeaders()

List of headers (other than simple response headers) that browsers are allowed to access. If not empty, this list is returned as part of the Access-Control-Expose-Headers header in the actual response.

Default: Seq.empty

Returns:

(undocumented)

See Also:

https://www.w3.org/TR/cors/#simple-response-header Simple response headers}, https://www.w3.org/TR/cors/#access-control-expose-headers-response-header Access-Control-Expose-Headers}

maxAge

public abstract scala.Option<java.lang.Object> maxAge()

When set, the amount of seconds the browser is allowed to cache the results of a preflight request. This value is returned as part of the Access-Control-Max-Age preflight response header. If None, the header is not added to the preflight response.

Default: Some(30 * 60)

Returns:

(undocumented)

See Also:

https://www.w3.org/TR/cors/#access-control-max-age-response-header Access-Control-Max-Age}

getAllowGenericHttpRequests

public boolean getAllowGenericHttpRequests()

Specified by:

getAllowGenericHttpRequests in class CorsSettings

getAllowCredentials

public boolean getAllowCredentials()

Specified by:

getAllowCredentials in class CorsSettings

getAllowedOrigins

public HttpOriginMatcher getAllowedOrigins()

Specified by:

getAllowedOrigins in class CorsSettings

getAllowedHeaders

public HttpHeaderRange getAllowedHeaders()

Specified by:

getAllowedHeaders in class CorsSettings

getAllowedMethods

public java.lang.Iterable<HttpMethod> getAllowedMethods()

Specified by:

getAllowedMethods in class CorsSettings

getExposedHeaders

public java.lang.Iterable<java.lang.String> getExposedHeaders()

Specified by:

getExposedHeaders in class CorsSettings

getMaxAge

public java.util.OptionalLong getMaxAge()

Specified by:

getMaxAge in class CorsSettings

withAllowGenericHttpRequests

public CorsSettings withAllowGenericHttpRequests(boolean newValue)

Specified by:

withAllowGenericHttpRequests in class CorsSettings

withAllowCredentials

public CorsSettings withAllowCredentials(boolean newValue)

Specified by:

withAllowCredentials in class CorsSettings

withAllowedOrigins

public CorsSettings withAllowedOrigins(HttpOriginMatcher newValue)

Specified by:

withAllowedOrigins in class CorsSettings

withAllowedHeaders

public CorsSettings withAllowedHeaders(HttpHeaderRange newValue)

Specified by:

withAllowedHeaders in class CorsSettings

withAllowedMethods

public CorsSettings withAllowedMethods(java.lang.Iterable<HttpMethod> newValue)

Specified by:

withAllowedMethods in class CorsSettings

withExposedHeaders

public CorsSettings withExposedHeaders(java.lang.Iterable<java.lang.String> newValue)

Specified by:

withExposedHeaders in class CorsSettings

withMaxAge

public CorsSettings withMaxAge(java.util.OptionalLong newValue)

Specified by:

withMaxAge in class CorsSettings

withAllowedOrigins

public CorsSettings withAllowedOrigins(HttpOriginMatcher newValue)

withAllowedHeaders

public CorsSettings withAllowedHeaders(HttpHeaderRange newValue)

withAllowedMethods

public CorsSettings withAllowedMethods(scala.collection.immutable.Seq<HttpMethod> newValue)

withExposedHeaders

public CorsSettings withExposedHeaders(scala.collection.immutable.Seq<java.lang.String> newValue)

withMaxAge

public CorsSettings withMaxAge(scala.Option<java.lang.Object> newValue)

preflightResponseHeaders

public abstract scala.collection.immutable.List<HttpHeader> preflightResponseHeaders(scala.collection.immutable.Seq<HttpOrigin> origins,
                                                                                     scala.collection.immutable.Seq<java.lang.String> requestHeaders)

actualResponseHeaders

public abstract scala.collection.immutable.List<HttpHeader> actualResponseHeaders(scala.collection.immutable.Seq<HttpOrigin> origins)