Package org.apache.pekko.http.cors.scaladsl.settings

Class CorsSettings

java.lang.Object
org.apache.pekko.http.cors.javadsl.settings.CorsSettings
org.apache.pekko.http.cors.scaladsl.settings.CorsSettings
Direct Known Subclasses:
CorsSettingsImpl
public abstract class CorsSettings extends CorsSettings
Settings used by the CORS directives.

Public API but not intended for subclassing.

  • Constructor Details

    • CorsSettings

      public CorsSettings()

  • Method Details

    • fromSubConfig

      public static CorsSettings fromSubConfig(com.typesafe.config.Config root, com.typesafe.config.Config config)

    • prefix

      protected static String prefix()

    • apply

      public static T apply(org.apache.pekko.actor.ActorSystem system)

    • apply

      public static T apply(String configOverrides)

    • apply

      public static T apply(com.typesafe.config.Config config)

    • allowGenericHttpRequests

      public abstract boolean allowGenericHttpRequests()
      If true, allow generic requests (that are outside the scope of the specification) to pass through the directive. Else, strict CORS filtering is applied and any invalid request will be rejected.

      Default: true

      Returns:
      (undocumented)

    • allowCredentials

      public abstract boolean allowCredentials()
      Indicates whether the resource supports user credentials. If true, the header Access-Control-Allow-Credentials is set in the response, indicating that the actual request can include user credentials. Examples of user credentials are: cookies, HTTP authentication or client-side certificates.

      Default: true

      Returns:
      (undocumented)

    • allowedOrigins

      public abstract HttpOriginMatcher allowedOrigins()
      List of origins that the CORS filter must allow. Can also be set to * to allow access to the resource from any origin. Controls the content of the Access-Control-Allow-Origin response header: if parameter is * and credentials are not allowed, a * is set in Access-Control-Allow-Origin. Otherwise, the origins given in the Origin request header are echoed.

      Hostname starting with *. will match any sub-domain. The scheme and the port are always strictly matched.

      The actual or preflight request is rejected if any of the origins from the request is not allowed.

      Default: HttpOriginMatcher.*

      Returns:
      (undocumented)

    • allowedHeaders

      public abstract HttpHeaderRange allowedHeaders()
      List of request headers that can be used when making an actual request. Controls the content of the Access-Control-Allow-Headers header in a preflight response: if parameter is *, the headers from Access-Control-Request-Headers are echoed. Otherwise the parameter list is returned as part of the header.

      Default: HttpHeaderRange.*

      Returns:
      (undocumented)

    • allowedMethods

      public abstract scala.collection.immutable.Seq<HttpMethod> allowedMethods()
      List of methods that can be used when making an actual request. The list is returned as part of the Access-Control-Allow-Methods preflight response header.

      The preflight request will be rejected if the Access-Control-Request-Method header's method is not part of the list.

      Default: Seq(GET, POST, HEAD, OPTIONS)

      Returns:
      (undocumented)

    • exposedHeaders

      public abstract scala.collection.immutable.Seq<String> exposedHeaders()
      List of headers (other than simple response headers) that browsers are allowed to access. If not empty, this list is returned as part of the Access-Control-Expose-Headers header in the actual response.

      Default: Seq.empty

      Returns:
      (undocumented)

    • maxAge

      public abstract scala.Option<Object> maxAge()
      When set, the amount of seconds the browser is allowed to cache the results of a preflight request. This value is returned as part of the Access-Control-Max-Age preflight response header. If None, the header is not added to the preflight response.

      Default: Some(30 * 60)

      Returns:
      (undocumented)

    • getAllowGenericHttpRequests

      public boolean getAllowGenericHttpRequests()
      Specified by:
      getAllowGenericHttpRequests in class CorsSettings

    • getAllowCredentials

      public boolean getAllowCredentials()
      Specified by:
      getAllowCredentials in class CorsSettings

    • getAllowedOrigins

      public HttpOriginMatcher getAllowedOrigins()
      Specified by:
      getAllowedOrigins in class CorsSettings

    • getAllowedHeaders

      public HttpHeaderRange getAllowedHeaders()
      Specified by:
      getAllowedHeaders in class CorsSettings

    • getAllowedMethods

      public Iterable<HttpMethod> getAllowedMethods()
      Specified by:
      getAllowedMethods in class CorsSettings

    • getExposedHeaders

      public Iterable<String> getExposedHeaders()
      Specified by:
      getExposedHeaders in class CorsSettings

    • getMaxAge

      public OptionalLong getMaxAge()
      Specified by:
      getMaxAge in class CorsSettings

    • withAllowGenericHttpRequests

      public CorsSettings withAllowGenericHttpRequests(boolean newValue)
      Specified by:
      withAllowGenericHttpRequests in class CorsSettings

    • withAllowCredentials

      public CorsSettings withAllowCredentials(boolean newValue)
      Specified by:
      withAllowCredentials in class CorsSettings

    • withAllowedOrigins

      public CorsSettings withAllowedOrigins(HttpOriginMatcher newValue)
      Specified by:
      withAllowedOrigins in class CorsSettings

    • withAllowedHeaders

      public CorsSettings withAllowedHeaders(HttpHeaderRange newValue)
      Specified by:
      withAllowedHeaders in class CorsSettings

    • withAllowedMethods

      public CorsSettings withAllowedMethods(Iterable<HttpMethod> newValue)
      Specified by:
      withAllowedMethods in class CorsSettings

    • withExposedHeaders

      public CorsSettings withExposedHeaders(Iterable<String> newValue)
      Specified by:
      withExposedHeaders in class CorsSettings

    • withMaxAge

      public CorsSettings withMaxAge(OptionalLong newValue)
      Specified by:
      withMaxAge in class CorsSettings

    • withAllowedOrigins

      public CorsSettings withAllowedOrigins(HttpOriginMatcher newValue)

    • withAllowedHeaders

      public CorsSettings withAllowedHeaders(HttpHeaderRange newValue)

    • withAllowedMethods

      public CorsSettings withAllowedMethods(scala.collection.immutable.Seq<HttpMethod> newValue)

    • withExposedHeaders

      public CorsSettings withExposedHeaders(scala.collection.immutable.Seq<String> newValue)

    • withMaxAge

      public CorsSettings withMaxAge(scala.Option<Object> newValue)

    • preflightResponseHeaders

      public abstract scala.collection.immutable.List<HttpHeader> preflightResponseHeaders(scala.collection.immutable.Seq<HttpOrigin> origins, scala.collection.immutable.Seq<String> requestHeaders)

    • actualResponseHeaders

      public abstract scala.collection.immutable.List<HttpHeader> actualResponseHeaders(scala.collection.immutable.Seq<HttpOrigin> origins)