org.jooby.handlers

Class Cors

java.lang.Object

org.jooby.handlers.Cors

public class Cors
extends Object

Cross-origin resource sharing

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated.

This class represent the available options for configure CORS in Jooby.

usage

 {
   use("*", new CorsHandler(new Cors()));
 }
 

Previous example, adds a cors filter using the default cors options.

Since:

0.8.0

Author:

edgar

Constructor Summary

Constructors

Constructor and Description
Cors() Creates default Cors.
Cors(com.typesafe.config.Config config) Creates Cors options from Config:

Method Summary

Modifier and Type	Method and Description
List<String>	allowedHeaders()
List<String>	allowedMethods()
boolean	allowHeader(String header)
boolean	allowHeaders(List<String> headers) True if all the headers are allowed.
boolean	allowHeaders(String... headers) True if all the headers are allowed.
boolean	allowMethod(String method) True if the method is allowed.
boolean	allowOrigin(String origin) Test if the given origin is allowed or not.
boolean	anyHeader()
boolean	anyOrigin()
boolean	credentials() If true, set the Access-Control-Allow-Credentials header.
Cors	disabled() Disabled cors (enabled = false).
boolean	enabled()
List<String>	exposedHeaders()
int	maxAge()
List<String>	origin() An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).
Cors	withExposedHeaders(List<String> exposedHeaders) Set the list of exposed headers.
Cors	withExposedHeaders(String... exposedHeaders) Set the list of exposed headers.
Cors	withHeaders(List<String> headers) Set one or more allowed headers.
Cors	withHeaders(String... headers) Set one or more allowed headers.
Cors	withMaxAge(int preflightMaxAge) Set the preflight max age header.
Cors	withMethods(List<String> methods) Set one or more allowed methods.
Cors	withMethods(String... methods) Set one or more allowed methods.
Cors	withOrigin(List<String> origin) Set the allowed origins.
Cors	withOrigin(String... origin) Set the allowed origins.
Cors	withoutCreds() Set credentials() to false.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Cors

@Inject
public Cors(@Named(value="cors")
                    com.typesafe.config.Config config)

Creates Cors options from Config:

  origin: "*"
  credentials: true
  allowedMethods: [GET, POST]
  allowedHeaders: [X-Requested-With, Content-Type, Accept, Origin]
  exposedHeaders: []
 

Parameters:

config - Config to use.

Cors

public Cors()

Creates default Cors. Default options are:

  origin: "*"
  credentials: true
  allowedMethods: [GET, POST]
  allowedHeaders: [X-Requested-With, Content-Type, Accept, Origin]
  exposedHeaders: []
 

Method Detail

withoutCreds

public Cors withoutCreds()

Set credentials() to false.

Returns:

This cors.

enabled

public boolean enabled()

Returns:

True, if cors is enabled. Controlled by: cors.enabled property. Default is: true.

disabled

public Cors disabled()

Disabled cors (enabled = false).

Returns:

This cors.

credentials

public boolean credentials()

If true, set the Access-Control-Allow-Credentials header. Controlled by: cors.credentials property. Default is: true

Returns:

If the Access-Control-Allow-Credentials header must be set.

anyOrigin

public boolean anyOrigin()

Returns:

True if any origin is accepted.

origin

public List<String> origin()

An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).

Returns:

List of valid origins: Default is: *

allowOrigin

public boolean allowOrigin(String origin)

Test if the given origin is allowed or not.

Parameters:

origin - The origin to test.

Returns:

True if the origin is allowed.

withOrigin

public Cors withOrigin(String... origin)

Set the allowed origins. An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).

Parameters:

origin - One ore more origin.

Returns:

This cors.

withOrigin

public Cors withOrigin(List<String> origin)

Set the allowed origins. An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).

Parameters:

origin - One ore more origin.

Returns:

This cors.

allowMethod

public boolean allowMethod(String method)

True if the method is allowed.

Parameters:

method - Method to test.

Returns:

True if the method is allowed.

allowedMethods

public List<String> allowedMethods()

Returns:

List of allowed methods.

withMethods

public Cors withMethods(String... methods)

Set one or more allowed methods.

Parameters:

methods - One or more method.

Returns:

This cors.

withMethods

public Cors withMethods(List<String> methods)

Set one or more allowed methods.

Parameters:

methods - One or more method.

Returns:

This cors.

anyHeader

public boolean anyHeader()

Returns:

True if any header is allowed: *.

allowHeader

public boolean allowHeader(String header)

Parameters:

header - A header to test.

Returns:

True if a header is allowed.

allowHeaders

public boolean allowHeaders(String... headers)

True if all the headers are allowed.

Parameters:

headers - Headers to test.

Returns:

True if all the headers are allowed.

allowHeaders

public boolean allowHeaders(List<String> headers)

True if all the headers are allowed.

Parameters:

headers - Headers to test.

Returns:

True if all the headers are allowed.

allowedHeaders

public List<String> allowedHeaders()

Returns:

List of allowed headers. Default are: X-Requested-With, Content-Type, Accept and Origin.

withHeaders

public Cors withHeaders(String... headers)

Set one or more allowed headers. Possible values are a header name or * if any header is allowed.

Parameters:

headers - Headers to set.

Returns:

This cors.

withHeaders

public Cors withHeaders(List<String> headers)

Set one or more allowed headers. Possible values are a header name or * if any header is allowed.

Parameters:

headers - Headers to set.

Returns:

This cors.

exposedHeaders

public List<String> exposedHeaders()

Returns:

List of exposed headers.

withExposedHeaders

public Cors withExposedHeaders(String... exposedHeaders)

Set the list of exposed headers.

Parameters:

exposedHeaders - Headers to expose.

Returns:

This cors.

withExposedHeaders

public Cors withExposedHeaders(List<String> exposedHeaders)

Set the list of exposed headers.

Parameters:

exposedHeaders - Headers to expose.

Returns:

This cors.

maxAge

public int maxAge()

Returns:

Preflight max age. How many seconds a client can cache a preflight request.

withMaxAge

public Cors withMaxAge(int preflightMaxAge)

Set the preflight max age header. That's how many seconds a client can cache a preflight request.

Parameters:

preflightMaxAge - Number of seconds or -1 to turn this off.

Returns:

This cors.