public abstract class CorsSettings extends CorsSettings
Public API but not intended for subclassing.
Constructor and Description |
---|
CorsSettings() |
Modifier and Type | Method and Description |
---|---|
abstract scala.collection.immutable.List<HttpHeader> |
actualResponseHeaders(scala.collection.immutable.Seq<HttpOrigin> origins) |
abstract boolean |
allowCredentials()
Indicates whether the resource supports user credentials.
|
abstract HttpHeaderRange |
allowedHeaders()
List of request headers that can be used when making an actual request.
|
abstract scala.collection.immutable.Seq<HttpMethod> |
allowedMethods()
List of methods that can be used when making an actual request.
|
abstract HttpOriginMatcher |
allowedOrigins()
List of origins that the CORS filter must allow.
|
abstract boolean |
allowGenericHttpRequests()
If
true , allow generic requests (that are outside the scope of the specification) to pass through the directive. |
static T |
apply(org.apache.pekko.actor.ActorSystem system) |
static T |
apply(com.typesafe.config.Config config) |
static T |
apply(java.lang.String configOverrides) |
static CorsSettings |
defaultSettings()
Deprecated.
Use other CorsSettings constructors. Since 1.0.0.
|
abstract scala.collection.immutable.Seq<java.lang.String> |
exposedHeaders()
List of headers (other than simple response headers) that browsers are allowed to access.
|
static CorsSettings |
fromSubConfig(com.typesafe.config.Config root,
com.typesafe.config.Config config) |
boolean |
getAllowCredentials() |
HttpHeaderRange |
getAllowedHeaders() |
java.lang.Iterable<HttpMethod> |
getAllowedMethods() |
HttpOriginMatcher |
getAllowedOrigins() |
boolean |
getAllowGenericHttpRequests() |
java.lang.Iterable<java.lang.String> |
getExposedHeaders() |
java.util.OptionalLong |
getMaxAge() |
abstract scala.Option<java.lang.Object> |
maxAge()
When set, the amount of seconds the browser is allowed to cache the results of a preflight request.
|
protected static java.lang.String |
prefix() |
abstract scala.collection.immutable.List<HttpHeader> |
preflightResponseHeaders(scala.collection.immutable.Seq<HttpOrigin> origins,
scala.collection.immutable.Seq<java.lang.String> requestHeaders) |
CorsSettings |
withAllowCredentials(boolean newValue) |
CorsSettings |
withAllowedHeaders(HttpHeaderRange newValue) |
CorsSettings |
withAllowedHeaders(HttpHeaderRange newValue) |
CorsSettings |
withAllowedMethods(java.lang.Iterable<HttpMethod> newValue) |
CorsSettings |
withAllowedMethods(scala.collection.immutable.Seq<HttpMethod> newValue) |
CorsSettings |
withAllowedOrigins(HttpOriginMatcher newValue) |
CorsSettings |
withAllowedOrigins(HttpOriginMatcher newValue) |
CorsSettings |
withAllowGenericHttpRequests(boolean newValue) |
CorsSettings |
withExposedHeaders(java.lang.Iterable<java.lang.String> newValue) |
CorsSettings |
withExposedHeaders(scala.collection.immutable.Seq<java.lang.String> newValue) |
CorsSettings |
withMaxAge(scala.Option<java.lang.Object> newValue) |
CorsSettings |
withMaxAge(java.util.OptionalLong newValue) |
create, create, create
public static CorsSettings defaultSettings()
apply()
methods
instead to have more control over the source of the configuration.public static CorsSettings fromSubConfig(com.typesafe.config.Config root, com.typesafe.config.Config config)
protected static java.lang.String prefix()
public static T apply(org.apache.pekko.actor.ActorSystem system)
public static T apply(java.lang.String configOverrides)
public static T apply(com.typesafe.config.Config config)
public abstract boolean allowGenericHttpRequests()
true
, allow generic requests (that are outside the scope of the specification) to pass through the directive.
Else, strict CORS filtering is applied and any invalid request will be rejected.
Default: true
public abstract boolean allowCredentials()
true
, the header Access-Control-Allow-Credentials
is set in the response, indicating that the actual request can include user credentials. Examples of user
credentials are: cookies, HTTP authentication or client-side certificates.
Default: true
https://www.w3.org/TR/cors/#access-control-allow-credentials-response-header Access-Control-Allow-Credentials}
public abstract HttpOriginMatcher allowedOrigins()
*
to allow access to the resource from any
origin. Controls the content of the Access-Control-Allow-Origin
response header: if parameter is *
and
credentials are not allowed, a *
is set in Access-Control-Allow-Origin
. Otherwise, the origins given in the
Origin
request header are echoed.
Hostname starting with *.
will match any sub-domain. The scheme and the port are always strictly matched.
The actual or preflight request is rejected if any of the origins from the request is not allowed.
Default: HttpOriginMatcher.*
https://www.w3.org/TR/cors/#access-control-allow-origin-response-header Access-Control-Allow-Origin}
public abstract HttpHeaderRange allowedHeaders()
Access-Control-Allow-Headers
header in a preflight response: if parameter is *
, the headers from
Access-Control-Request-Headers
are echoed. Otherwise the parameter list is returned as part of the header.
Default: HttpHeaderRange.*
https://www.w3.org/TR/cors/#access-control-allow-headers-response-header Access-Control-Allow-Headers}
public abstract scala.collection.immutable.Seq<HttpMethod> allowedMethods()
Access-Control-Allow-Methods
preflight response header.
The preflight request will be rejected if the Access-Control-Request-Method
header's method is not part of the
list.
Default: Seq(GET, POST, HEAD, OPTIONS)
https://www.w3.org/TR/cors/#access-control-allow-methods-response-header Access-Control-Allow-Methods}
public abstract scala.collection.immutable.Seq<java.lang.String> exposedHeaders()
Access-Control-Expose-Headers
header in the actual response.
Default: Seq.empty
https://www.w3.org/TR/cors/#simple-response-header Simple response headers}
,
https://www.w3.org/TR/cors/#access-control-expose-headers-response-header Access-Control-Expose-Headers}
public abstract scala.Option<java.lang.Object> maxAge()
Access-Control-Max-Age
preflight response header. If None
, the header is not added to
the preflight response.
Default: Some(30 * 60)
https://www.w3.org/TR/cors/#access-control-max-age-response-header Access-Control-Max-Age}
public boolean getAllowGenericHttpRequests()
getAllowGenericHttpRequests
in class CorsSettings
public boolean getAllowCredentials()
getAllowCredentials
in class CorsSettings
public HttpOriginMatcher getAllowedOrigins()
getAllowedOrigins
in class CorsSettings
public HttpHeaderRange getAllowedHeaders()
getAllowedHeaders
in class CorsSettings
public java.lang.Iterable<HttpMethod> getAllowedMethods()
getAllowedMethods
in class CorsSettings
public java.lang.Iterable<java.lang.String> getExposedHeaders()
getExposedHeaders
in class CorsSettings
public java.util.OptionalLong getMaxAge()
getMaxAge
in class CorsSettings
public CorsSettings withAllowGenericHttpRequests(boolean newValue)
withAllowGenericHttpRequests
in class CorsSettings
public CorsSettings withAllowCredentials(boolean newValue)
withAllowCredentials
in class CorsSettings
public CorsSettings withAllowedOrigins(HttpOriginMatcher newValue)
withAllowedOrigins
in class CorsSettings
public CorsSettings withAllowedHeaders(HttpHeaderRange newValue)
withAllowedHeaders
in class CorsSettings
public CorsSettings withAllowedMethods(java.lang.Iterable<HttpMethod> newValue)
withAllowedMethods
in class CorsSettings
public CorsSettings withExposedHeaders(java.lang.Iterable<java.lang.String> newValue)
withExposedHeaders
in class CorsSettings
public CorsSettings withMaxAge(java.util.OptionalLong newValue)
withMaxAge
in class CorsSettings
public CorsSettings withAllowedOrigins(HttpOriginMatcher newValue)
public CorsSettings withAllowedHeaders(HttpHeaderRange newValue)
public CorsSettings withAllowedMethods(scala.collection.immutable.Seq<HttpMethod> newValue)
public CorsSettings withExposedHeaders(scala.collection.immutable.Seq<java.lang.String> newValue)
public CorsSettings withMaxAge(scala.Option<java.lang.Object> newValue)
public abstract scala.collection.immutable.List<HttpHeader> preflightResponseHeaders(scala.collection.immutable.Seq<HttpOrigin> origins, scala.collection.immutable.Seq<java.lang.String> requestHeaders)
public abstract scala.collection.immutable.List<HttpHeader> actualResponseHeaders(scala.collection.immutable.Seq<HttpOrigin> origins)