Package io.netty.handler.codec.http.cors
Class CorsConfigBuilder
- java.lang.Object
-
- io.netty.handler.codec.http.cors.CorsConfigBuilder
-
public final class CorsConfigBuilder extends java.lang.ObjectBuilder used to configure and build aCorsConfiginstance.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description private static classCorsConfigBuilder.ConstantValueGeneratorThis class is used for preflight HTTP response values that do not need to be generated, but instead the value is "static" in that the same value will be returned for each call.private static classCorsConfigBuilder.DateValueGeneratorThis callable is used for the DATE preflight HTTP response HTTP header.
-
Field Summary
Fields Modifier and Type Field Description (package private) booleanallowCredentials(package private) booleanallowNullOrigin(package private) booleananyOrigin(package private) booleanenabled(package private) java.util.Set<java.lang.String>exposeHeaders(package private) longmaxAgeprivate booleannoPreflightHeaders(package private) java.util.Set<java.lang.String>origins(package private) java.util.Map<java.lang.CharSequence,java.util.concurrent.Callable<?>>preflightHeaders(package private) java.util.Set<java.lang.String>requestHeaders(package private) java.util.Set<HttpMethod>requestMethods(package private) booleanshortCircuit
-
Constructor Summary
Constructors Constructor Description CorsConfigBuilder()Creates a new Builder instance allowing any origin, "*" which is the wildcard origin.CorsConfigBuilder(java.lang.String... origins)Creates a new Builder instance with the origin passed in.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description CorsConfigBuilderallowCredentials()By default cookies are not included in CORS requests, but this method will enable cookies to be added to CORS requests.CorsConfigBuilderallowedRequestHeaders(java.lang.CharSequence... headers)Specifies the if headers that should be returned in the CORS 'Access-Control-Allow-Headers' response header.CorsConfigBuilderallowedRequestHeaders(java.lang.String... headers)Specifies the if headers that should be returned in the CORS 'Access-Control-Allow-Headers' response header.CorsConfigBuilderallowedRequestMethods(HttpMethod... methods)Specifies the allowed set of HTTP Request Methods that should be returned in the CORS 'Access-Control-Request-Method' response header.CorsConfigBuilderallowNullOrigin()Web browsers may set the 'Origin' request header to 'null' if a resource is loaded from the local file system.CorsConfigbuild()Builds aCorsConfigwith settings specified by previous method calls.CorsConfigBuilderdisable()Disables CORS support.CorsConfigBuilderexposeHeaders(java.lang.CharSequence... headers)Specifies the headers to be exposed to calling clients.CorsConfigBuilderexposeHeaders(java.lang.String... headers)Specifies the headers to be exposed to calling clients.static CorsConfigBuilderforAnyOrigin()Creates a Builder instance with it's origin set to '*'.static CorsConfigBuilderforOrigin(java.lang.String origin)Creates aCorsConfigBuilderinstance with the specified origin.static CorsConfigBuilderforOrigins(java.lang.String... origins)Creates aCorsConfigBuilderinstance with the specified origins.CorsConfigBuildermaxAge(long max)When making a preflight request the client has to perform two request with can be inefficient.CorsConfigBuildernoPreflightResponseHeaders()Specifies that no preflight response headers should be added to a preflight response.<T> CorsConfigBuilderpreflightResponseHeader(java.lang.CharSequence name, java.lang.Iterable<T> value)Returns HTTP response headers that should be added to a CORS preflight response.CorsConfigBuilderpreflightResponseHeader(java.lang.CharSequence name, java.lang.Object... values)Returns HTTP response headers that should be added to a CORS preflight response.<T> CorsConfigBuilderpreflightResponseHeader(java.lang.CharSequence name, java.util.concurrent.Callable<T> valueGenerator)Returns HTTP response headers that should be added to a CORS preflight response.CorsConfigBuildershortCircuit()Specifies that a CORS request should be rejected if it's invalid before being further processing.
-
-
-
Field Detail
-
origins
final java.util.Set<java.lang.String> origins
-
anyOrigin
final boolean anyOrigin
-
allowNullOrigin
boolean allowNullOrigin
-
enabled
boolean enabled
-
allowCredentials
boolean allowCredentials
-
exposeHeaders
final java.util.Set<java.lang.String> exposeHeaders
-
maxAge
long maxAge
-
requestMethods
final java.util.Set<HttpMethod> requestMethods
-
requestHeaders
final java.util.Set<java.lang.String> requestHeaders
-
preflightHeaders
final java.util.Map<java.lang.CharSequence,java.util.concurrent.Callable<?>> preflightHeaders
-
noPreflightHeaders
private boolean noPreflightHeaders
-
shortCircuit
boolean shortCircuit
-
-
Constructor Detail
-
CorsConfigBuilder
CorsConfigBuilder(java.lang.String... origins)
Creates a new Builder instance with the origin passed in.- Parameters:
origins- the origin to be used for this builder.
-
CorsConfigBuilder
CorsConfigBuilder()
Creates a new Builder instance allowing any origin, "*" which is the wildcard origin.
-
-
Method Detail
-
forAnyOrigin
public static CorsConfigBuilder forAnyOrigin()
Creates a Builder instance with it's origin set to '*'.- Returns:
- Builder to support method chaining.
-
forOrigin
public static CorsConfigBuilder forOrigin(java.lang.String origin)
Creates aCorsConfigBuilderinstance with the specified origin.- Returns:
CorsConfigBuilderto support method chaining.
-
forOrigins
public static CorsConfigBuilder forOrigins(java.lang.String... origins)
Creates aCorsConfigBuilderinstance with the specified origins.- Returns:
CorsConfigBuilderto support method chaining.
-
allowNullOrigin
public CorsConfigBuilder allowNullOrigin()
Web browsers may set the 'Origin' request header to 'null' if a resource is loaded from the local file system. Calling this method will enable a successful CORS response with a"null"value for the CORS response header 'Access-Control-Allow-Origin'.- Returns:
CorsConfigBuilderto support method chaining.
-
disable
public CorsConfigBuilder disable()
Disables CORS support.- Returns:
CorsConfigBuilderto support method chaining.
-
exposeHeaders
public CorsConfigBuilder exposeHeaders(java.lang.String... headers)
Specifies the headers to be exposed to calling clients. During a simple CORS request, only certain response headers are made available by the browser, for example using:xhr.getResponseHeader("Content-Type");The headers that are available by default are:- Cache-Control
- Content-Language
- Content-Type
- Expires
- Last-Modified
- Pragma
- Parameters:
headers- the values to be added to the 'Access-Control-Expose-Headers' response header- Returns:
CorsConfigBuilderto support method chaining.
-
exposeHeaders
public CorsConfigBuilder exposeHeaders(java.lang.CharSequence... headers)
Specifies the headers to be exposed to calling clients. During a simple CORS request, only certain response headers are made available by the browser, for example using:xhr.getResponseHeader(HttpHeaderNames.CONTENT_TYPE);
The headers that are available by default are:- Cache-Control
- Content-Language
- Content-Type
- Expires
- Last-Modified
- Pragma
- Parameters:
headers- the values to be added to the 'Access-Control-Expose-Headers' response header- Returns:
CorsConfigBuilderto support method chaining.
-
allowCredentials
public CorsConfigBuilder allowCredentials()
By default cookies are not included in CORS requests, but this method will enable cookies to be added to CORS requests. Calling this method will set the CORS 'Access-Control-Allow-Credentials' response header to true. Please note, that cookie support needs to be enabled on the client side as well. The client needs to opt-in to send cookies by calling:xhr.withCredentials = true;
The default value for 'withCredentials' is false in which case no cookies are sent. Setting this to true will included cookies in cross origin requests.- Returns:
CorsConfigBuilderto support method chaining.
-
maxAge
public CorsConfigBuilder maxAge(long max)
When making a preflight request the client has to perform two request with can be inefficient. This setting will set the CORS 'Access-Control-Max-Age' response header and enables the caching of the preflight response for the specified time. During this time no preflight request will be made.- Parameters:
max- the maximum time, in seconds, that the preflight response may be cached.- Returns:
CorsConfigBuilderto support method chaining.
-
allowedRequestMethods
public CorsConfigBuilder allowedRequestMethods(HttpMethod... methods)
Specifies the allowed set of HTTP Request Methods that should be returned in the CORS 'Access-Control-Request-Method' response header.- Parameters:
methods- theHttpMethods that should be allowed.- Returns:
CorsConfigBuilderto support method chaining.
-
allowedRequestHeaders
public CorsConfigBuilder allowedRequestHeaders(java.lang.String... headers)
Specifies the if headers that should be returned in the CORS 'Access-Control-Allow-Headers' response header. If a client specifies headers on the request, for example by calling:xhr.setRequestHeader('My-Custom-Header', "SomeValue");the server will receive the above header name in the 'Access-Control-Request-Headers' of the preflight request. The server will then decide if it allows this header to be sent for the real request (remember that a preflight is not the real request but a request asking the server if it allow a request).- Parameters:
headers- the headers to be added to the preflight 'Access-Control-Allow-Headers' response header.- Returns:
CorsConfigBuilderto support method chaining.
-
allowedRequestHeaders
public CorsConfigBuilder allowedRequestHeaders(java.lang.CharSequence... headers)
Specifies the if headers that should be returned in the CORS 'Access-Control-Allow-Headers' response header. If a client specifies headers on the request, for example by calling:xhr.setRequestHeader('My-Custom-Header', "SomeValue");the server will receive the above header name in the 'Access-Control-Request-Headers' of the preflight request. The server will then decide if it allows this header to be sent for the real request (remember that a preflight is not the real request but a request asking the server if it allow a request).- Parameters:
headers- the headers to be added to the preflight 'Access-Control-Allow-Headers' response header.- Returns:
CorsConfigBuilderto support method chaining.
-
preflightResponseHeader
public CorsConfigBuilder preflightResponseHeader(java.lang.CharSequence name, java.lang.Object... values)
Returns HTTP response headers that should be added to a CORS preflight response. An intermediary like a load balancer might require that a CORS preflight request have certain headers set. This enables such headers to be added.- Parameters:
name- the name of the HTTP header.values- the values for the HTTP header.- Returns:
CorsConfigBuilderto support method chaining.
-
preflightResponseHeader
public <T> CorsConfigBuilder preflightResponseHeader(java.lang.CharSequence name, java.lang.Iterable<T> value)
Returns HTTP response headers that should be added to a CORS preflight response. An intermediary like a load balancer might require that a CORS preflight request have certain headers set. This enables such headers to be added.- Type Parameters:
T- the type of values that the Iterable contains.- Parameters:
name- the name of the HTTP header.value- the values for the HTTP header.- Returns:
CorsConfigBuilderto support method chaining.
-
preflightResponseHeader
public <T> CorsConfigBuilder preflightResponseHeader(java.lang.CharSequence name, java.util.concurrent.Callable<T> valueGenerator)
Returns HTTP response headers that should be added to a CORS preflight response. An intermediary like a load balancer might require that a CORS preflight request have certain headers set. This enables such headers to be added. Some values must be dynamically created when the HTTP response is created, for example the 'Date' response header. This can be accomplished by using a Callable which will have its 'call' method invoked when the HTTP response is created.- Type Parameters:
T- the type of the value that the Callable can return.- Parameters:
name- the name of the HTTP header.valueGenerator- a Callable which will be invoked at HTTP response creation.- Returns:
CorsConfigBuilderto support method chaining.
-
noPreflightResponseHeaders
public CorsConfigBuilder noPreflightResponseHeaders()
Specifies that no preflight response headers should be added to a preflight response.- Returns:
CorsConfigBuilderto support method chaining.
-
shortCircuit
public CorsConfigBuilder shortCircuit()
Specifies that a CORS request should be rejected if it's invalid before being further processing. CORS headers are set after a request is processed. This may not always be desired and this setting will check that the Origin is valid and if it is not valid no further processing will take place, and an error will be returned to the calling client.- Returns:
CorsConfigBuilderto support method chaining.
-
build
public CorsConfig build()
Builds aCorsConfigwith settings specified by previous method calls.- Returns:
CorsConfigthe configured CorsConfig instance.
-
-