Interface CorsHandlerHelper
-
- All Known Implementing Classes:
CorsHandlerHelperImpl
public interface CorsHandlerHelper
Service that provides useful methods forCorsHandlerimplementations.- Since:
- 5.8.2
- See Also:
CorsHandler
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.StringALLOW_CREDENTIALS_HEADERName of the Access-Control-Allow-Credentials HTTP header.static java.lang.StringALLOW_HEADERS_HEADERName of the Access-Control-Allow-Headers HTTP header.static java.lang.StringALLOW_METHODS_HEADERName of the Access-Control-Allow-Methods HTTP header.static java.lang.StringALLOW_ORIGIN_HEADERName of the Access-Control-Allow-Origin HTTP header.static java.lang.StringEXPOSE_HEADERS_HEADERName of the Access-Control-Expose-Headers HTTP header.static java.lang.StringMAX_AGE_HEADERName of the Access-Control-Max-Age HTTP header.static java.lang.StringOPTIONS_METHODOPTIONS HTTP method name.static java.lang.StringORIGIN_HEADERName of the Origin HTTP header.static java.lang.StringORIGIN_WILDCARDThe CORS Origin wildcard.static java.lang.StringREQUEST_HEADERS_HEADERName of the Access-Control-Request-Headers HTTP header.static java.lang.StringVARY_HEADERName of the Vary HTTP header.
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description default voidaddValueToVaryHeader(HttpServletResponse response, java.lang.String value)Adds a value to the Vary HTTP header.voidconfigureAllowedHeaders(HttpServletResponse response, HttpServletRequest request)Conditionally the Access-Control-Request-Headers HTTP header.voidconfigureCredentials(HttpServletResponse response)Conditionally sets the Access-Control-Allow-Credentials HTTP header.voidconfigureExposeHeaders(HttpServletResponse response)Conditionally sets the Access-Control-Expose-Headers HTTP header.voidconfigureMaxAge(HttpServletResponse response)Conditionally sets the Access-Control-Max-Age HTTP header.voidconfigureMethods(HttpServletResponse response)Conditionally sets the Access-Control-Allow-Methods HTTP header in responses to preflight CORS requests.voidconfigureOrigin(HttpServletResponse response, java.lang.String value)Sets the Access-Control-Allow-Origin HTTP header with a given value.java.util.Optional<java.lang.String>getAllowedOrigin(HttpServletRequest request)Returns the origin of this requests, if it's allowed.java.util.Optional<java.lang.String>getOrigin(HttpServletRequest request)Returns the value of the Origin HTTP header.java.lang.StringgetPath(HttpServletRequest request)Returns the requested URL path, using the same logic asRequest.getPath().booleanisPreflight(HttpServletRequest request)Tells whether this request is a CORS preflight one (i.e.
-
-
-
Field Detail
-
ORIGIN_HEADER
static final java.lang.String ORIGIN_HEADER
Name of the Origin HTTP header.- See Also:
- Constant Field Values
-
ALLOW_ORIGIN_HEADER
static final java.lang.String ALLOW_ORIGIN_HEADER
Name of the Access-Control-Allow-Origin HTTP header.- See Also:
- Constant Field Values
-
ALLOW_CREDENTIALS_HEADER
static final java.lang.String ALLOW_CREDENTIALS_HEADER
Name of the Access-Control-Allow-Credentials HTTP header.- See Also:
- Constant Field Values
-
ALLOW_METHODS_HEADER
static final java.lang.String ALLOW_METHODS_HEADER
Name of the Access-Control-Allow-Methods HTTP header.- See Also:
- Constant Field Values
-
REQUEST_HEADERS_HEADER
static final java.lang.String REQUEST_HEADERS_HEADER
Name of the Access-Control-Request-Headers HTTP header.- See Also:
- Constant Field Values
-
ALLOW_HEADERS_HEADER
static final java.lang.String ALLOW_HEADERS_HEADER
Name of the Access-Control-Allow-Headers HTTP header.- See Also:
- Constant Field Values
-
EXPOSE_HEADERS_HEADER
static final java.lang.String EXPOSE_HEADERS_HEADER
Name of the Access-Control-Expose-Headers HTTP header.- See Also:
- Constant Field Values
-
MAX_AGE_HEADER
static final java.lang.String MAX_AGE_HEADER
Name of the Access-Control-Max-Age HTTP header.- See Also:
- Constant Field Values
-
VARY_HEADER
static final java.lang.String VARY_HEADER
Name of the Vary HTTP header.- See Also:
- Constant Field Values
-
OPTIONS_METHOD
static final java.lang.String OPTIONS_METHOD
OPTIONS HTTP method name.- See Also:
- Constant Field Values
-
ORIGIN_WILDCARD
static final java.lang.String ORIGIN_WILDCARD
The CORS Origin wildcard.- See Also:
- Constant Field Values
-
-
Method Detail
-
getPath
java.lang.String getPath(HttpServletRequest request)
Returns the requested URL path, using the same logic asRequest.getPath().- Parameters:
request- anHttpServletRequest.- Returns:
- a
Stringwith the path.
-
getOrigin
java.util.Optional<java.lang.String> getOrigin(HttpServletRequest request)
Returns the value of the Origin HTTP header.- Parameters:
request- anHttpServletRequest.- Returns:
- an
Optionalwrapping the Origin HTTP header value.
-
isPreflight
boolean isPreflight(HttpServletRequest request)
Tells whether this request is a CORS preflight one (i.e. HTTP method OPTION and non-empty Origin HTTP header).- Parameters:
request- anHttpServletRequest.- Returns:
trueif it's a preflight request,falseotherwise.
-
getAllowedOrigin
java.util.Optional<java.lang.String> getAllowedOrigin(HttpServletRequest request)
Returns the origin of this requests, if it's allowed.- Parameters:
request- anHttpServletRequest.- Returns:
- an
Optionalwrapping the allowed origin. - See Also:
TapestryHttpSymbolConstants.CORS_ALLOWED_ORIGINS
-
configureOrigin
void configureOrigin(HttpServletResponse response, java.lang.String value)
Sets the Access-Control-Allow-Origin HTTP header with a given value.- Parameters:
value- a String.response- anHttpServletResponseinstance.- See Also:
ALLOW_ORIGIN_HEADER
-
configureCredentials
void configureCredentials(HttpServletResponse response)
Conditionally sets the Access-Control-Allow-Credentials HTTP header. Out-of-the-box, this is done based on theTapestryHttpSymbolConstants.CORS_ALLOW_CREDENTIALSsymbol.- Parameters:
response- anHttpServletResponse.- See Also:
TapestryHttpSymbolConstants.CORS_ALLOW_CREDENTIALS
-
configureMethods
void configureMethods(HttpServletResponse response)
Conditionally sets the Access-Control-Allow-Methods HTTP header in responses to preflight CORS requests. Out-of-the-box, the value comes fromTapestryHttpSymbolConstants.CORS_ALLOW_CREDENTIALSsymbol and the header is only set if the value isn't empty.- Parameters:
response- anHttpServletResponse.- See Also:
TapestryHttpSymbolConstants.CORS_ALLOW_CREDENTIALS
-
configureAllowedHeaders
void configureAllowedHeaders(HttpServletResponse response, HttpServletRequest request)
Conditionally the Access-Control-Request-Headers HTTP header. Out-of-the-box, the value comes fromTapestryHttpSymbolConstants.CORS_ALLOWED_HEADERSsymbol if not empty. Otherwise, it comes from the value of the same HTTP header from the request, also if not empty. Otherwise, the header isn't set.- Parameters:
response- anHttpServletResponse.request- anHttpServletRequest.- See Also:
TapestryHttpSymbolConstants.CORS_ALLOWED_HEADERS
-
configureExposeHeaders
void configureExposeHeaders(HttpServletResponse response)
Conditionally sets the Access-Control-Expose-Headers HTTP header. Out-of-the-box, the value comes fromTapestryHttpSymbolConstants.CORS_EXPOSE_HEADERSsymbol, if not empty. Otherwise, the header isn't set.- Parameters:
response- anHttpServletResponse.- See Also:
TapestryHttpSymbolConstants.CORS_EXPOSE_HEADERS
-
configureMaxAge
void configureMaxAge(HttpServletResponse response)
Conditionally sets the Access-Control-Max-Age HTTP header. Out-of-the-box, the value comes fromTapestryHttpSymbolConstants.CORS_MAX_AGEsymbol, if not empty. Otherwise, the header isn't set.- Parameters:
response- anHttpServletResponse.- See Also:
TapestryHttpSymbolConstants.CORS_MAX_AGE
-
addValueToVaryHeader
default void addValueToVaryHeader(HttpServletResponse response, java.lang.String value)
Adds a value to the Vary HTTP header.- Parameters:
response- anHttpServletResponseinstance.value- the value to be added.
-
-