Package org.restlet.engine.application

Class CorsResponseHelper

java.lang.Object
org.restlet.engine.application.CorsResponseHelper
public class CorsResponseHelper extends Object
Helps to generate response CORS headers.
The CORS specification defines a subset of methods qualified as simple HEAD, GET and POST. Any other methods should send a preflight request with the method OPTIONS.
Author:
Manuel Boillod
See Also:

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    boolean
    allowAllRequestedHeaders
    If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header.
    boolean
    allowedCredentials
    If true, add 'Access-Control-Allow-Credentials' header.
    Set<String>
    allowedHeaders
    The value of 'Access-Control-Allow-Headers' response header.
    Set<String>
    allowedOrigins
    The value of 'Access-Control-Allow-Origin' header.
    Set<String>
    exposedHeaders
    The value of 'Access-Control-Expose-Headers' response header.
    int
    maxAge
    The value of 'Access-Control-Max-Age' response header.

  • Constructor Summary

    Constructors
    Constructor
    Description
    CorsResponseHelper()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    addCorsResponseHeaders(Request request, Response response)
    Adds CORS headers to the given response.
    Set<String>
    getAllowedHeaders()
    Returns the modifiable set of headers allowed by the actual request on the current resource.
    Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header.
    Set<String>
    getAllowedOrigins()
    Returns the URI an origin server allows for the requested resource.
    Set<String>
    getExposedHeaders()
    Returns a modifiable whitelist of headers an origin server allows for the requested resource.
    Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header.
    int
    getMaxAge()
    Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
    In case of a negative value, the results of a preflight request is not meant to be cached.
    Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header.
    boolean
    isAllowAllRequestedHeaders()
    If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header.
    boolean
    isAllowedCredentials()
    If true, adds 'Access-Control-Allow-Credentials' header.
    boolean
    isCorsRequest(Request request)
    Returns true if the request is a CORS request.
    void
    setAllowAllRequestedHeaders(boolean allowAllRequestedHeaders)
    If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header.
    void
    setAllowedCredentials(boolean allowedCredentials)
    If true, adds 'Access-Control-Allow-Credentials' header.
    void
    setAllowedHeaders(Set<String> allowedHeaders)
    Sets the value of the 'Access-Control-Allow-Headers' response header.
    void
    setAllowedOrigins(Set<String> allowedOrigins)
    Sets the value of 'Access-Control-Allow-Origin' header.
    void
    setExposedHeaders(Set<String> exposedHeaders)
    Sets the value of 'Access-Control-Expose-Headers' response header.
    void
    setMaxAge(int maxAge)
    Sets the value of 'Access-Control-Max-Age' response header.
    In case of negative value, the header is not set.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • allowAllRequestedHeaders

      public boolean allowAllRequestedHeaders
      If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders. Default is true.

    • allowedCredentials

      public boolean allowedCredentials
      If true, add 'Access-Control-Allow-Credentials' header. Default is false.

    • allowedHeaders

      public Set<String> allowedHeaders
      The value of 'Access-Control-Allow-Headers' response header. Used only if allowAllRequestedHeaders is false.

    • allowedOrigins

      public Set<String> allowedOrigins
      The value of 'Access-Control-Allow-Origin' header. Default is '*'.

    • exposedHeaders

      public Set<String> exposedHeaders
      The value of 'Access-Control-Expose-Headers' response header.

    • maxAge

      public int maxAge
      The value of 'Access-Control-Max-Age' response header. Default is that the header is not set.

  • Constructor Details

    • CorsResponseHelper

      public CorsResponseHelper()

  • Method Details

    • addCorsResponseHeaders

      public void addCorsResponseHeaders(Request request, Response response)
      Adds CORS headers to the given response.
      Parameters:
      request - The current request.
      response - The response.

    • getAllowedHeaders

      public Set<String> getAllowedHeaders()
      Returns the modifiable set of headers allowed by the actual request on the current resource.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header.
      Returns:
      The set of headers allowed by the actual request on the current resource.

    • getAllowedOrigins

      public Set<String> getAllowedOrigins()
      Returns the URI an origin server allows for the requested resource. Use "*" as a wildcard character.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Origin" header.
      Returns:
      The origin allowed by the requested resource.

    • getExposedHeaders

      public Set<String> getExposedHeaders()
      Returns a modifiable whitelist of headers an origin server allows for the requested resource.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header.
      Returns:
      The set of headers an origin server allows for the requested resource.

    • getMaxAge

      public int getMaxAge()
      Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
      In case of a negative value, the results of a preflight request is not meant to be cached.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header.
      Returns:
      Indicates how long the results of a preflight request can be cached in a preflight result cache.

    • isAllowAllRequestedHeaders

      public boolean isAllowAllRequestedHeaders()
      If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.

    • isAllowedCredentials

      public boolean isAllowedCredentials()
      If true, adds 'Access-Control-Allow-Credentials' header.
      Returns:
      True, if the 'Access-Control-Allow-Credentials' header will be added.

    • isCorsRequest

      public boolean isCorsRequest(Request request)
      Returns true if the request is a CORS request.
      Parameters:
      request - The current request.
      Returns:
      true if the request is a CORS request.

    • setAllowAllRequestedHeaders

      public void setAllowAllRequestedHeaders(boolean allowAllRequestedHeaders)
      If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.
      Parameters:
      allowAllRequestedHeaders - True to copy the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.

    • setAllowedCredentials

      public void setAllowedCredentials(boolean allowedCredentials)
      If true, adds 'Access-Control-Allow-Credentials' header.
      Parameters:
      allowedCredentials - True to add the 'Access-Control-Allow-Credentials' header.

    • setAllowedHeaders

      public void setAllowedHeaders(Set<String> allowedHeaders)
      Sets the value of the 'Access-Control-Allow-Headers' response header. Used only if allowAllRequestedHeaders is false.
      Parameters:
      allowedHeaders - The value of 'Access-Control-Allow-Headers' response header.

    • setAllowedOrigins

      public void setAllowedOrigins(Set<String> allowedOrigins)
      Sets the value of 'Access-Control-Allow-Origin' header.
      Parameters:
      allowedOrigins - The value of 'Access-Control-Allow-Origin' header.

    • setExposedHeaders

      public void setExposedHeaders(Set<String> exposedHeaders)
      Sets the value of 'Access-Control-Expose-Headers' response header.
      Parameters:
      exposedHeaders - The value of 'Access-Control-Expose-Headers' response header.

    • setMaxAge

      public void setMaxAge(int maxAge)
      Sets the value of 'Access-Control-Max-Age' response header.
      In case of negative value, the header is not set.
      Parameters:
      maxAge - The value of 'Access-Control-Max-Age' response header.