public CorsResponseDecorator buildResponseDecorator() { return new CorsResponseDecorator(setSensibleDefaults()); }
@Override public boolean decorateTextResponse(HttpTextResponseHolder responseHolder, String requestPath, String requestMethod, int code, String contentType, String payload, MultiMap<String, String> responseHeaders, MultiMap<String, String> requestHeaders, MultiMap<String, String> requestParams) { boolean passedCorsCheck = checkCorsAndContinue( new HttpRequestHolder( contentType, requestMethod, payload.getBytes(), requestPath, requestHeaders, requestParams), new HttpResponseHolder(responseHeaders) ); return passedCorsCheck; }
private boolean checkCorsAndContinue(HttpRequestHolder requestHolder, final HttpResponseHolder responseHolder) { // Determines the CORS request type. CorsResponseDecorator.CORSRequestType requestType = checkRequestType(requestHolder); switch (requestType) { case SIMPLE: // Handles a Simple CORS request. return this.handleSimpleCORS(requestHolder, responseHolder); case ACTUAL: // Handles an Actual CORS request. return this.handleSimpleCORS(requestHolder, responseHolder); case PRE_FLIGHT: // Handles a Pre-flight CORS request. return this.handlePreflightCORS(requestHolder, responseHolder); case NOT_CORS: // Handles a Normal request that is not a cross-origin request. return true; default: // Handles a CORS request that violates specification. return this.handleInvalidCORS(requestHolder, responseHolder); } }
if (originHeader.isEmpty()) { requestType = CORSRequestType.INVALID_CORS; } else if (!isValidOrigin(originHeader)) { requestType = CORSRequestType.INVALID_CORS; } else if (isLocalOrigin(request, originHeader)) { return CORSRequestType.NOT_CORS; } else {
final HttpResponseHolder response) { CORSRequestType requestType = checkRequestType(request); if (requestType != CORSRequestType.PRE_FLIGHT) { throw new IllegalArgumentException(CorsSupport.CORS_WRONG_TYPE_2); if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response); return false; CorsResponseDecorator.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD); if (accessControlRequestMethod == null) { handleInvalidCORS(request, response); return false; } else { handleInvalidCORS(request, response); return false; for (String header : accessControlRequestHeaders) { if (!corsSupport.getAllowedHeaders().contains(header)) { handleInvalidCORS(request, response); return false; response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, join(corsSupport.getAllowedHeaders(), ","));
final HttpResponseHolder response) { CorsResponseDecorator.CORSRequestType requestType = checkRequestType(request); if (!(requestType == CorsResponseDecorator.CORSRequestType.SIMPLE || requestType == CorsResponseDecorator.CORSRequestType.ACTUAL)) { if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response); return false; handleInvalidCORS(request, response); return false; String exposedHeadersString = join(corsSupport.getExposedHeaders(), ","); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS,
if (originHeader.isEmpty()) { requestType = CORSRequestType.INVALID_CORS; } else if (!isValidOrigin(originHeader)) { requestType = CORSRequestType.INVALID_CORS; } else if (isLocalOrigin(request, originHeader)) { return CORSRequestType.NOT_CORS; } else {
final HttpResponseHolder response) { CORSRequestType requestType = checkRequestType(request); if (requestType != CORSRequestType.PRE_FLIGHT) { throw new IllegalArgumentException(CorsSupport.CORS_WRONG_TYPE_2); if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response); return false; CorsResponseDecorator.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD); if (accessControlRequestMethod == null) { handleInvalidCORS(request, response); return false; } else { handleInvalidCORS(request, response); return false; for (String header : accessControlRequestHeaders) { if (!corsSupport.getAllowedHeaders().contains(header)) { handleInvalidCORS(request, response); return false; response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, join(corsSupport.getAllowedHeaders(), ","));
private boolean checkCorsAndContinue(HttpRequestHolder requestHolder, final HttpResponseHolder responseHolder) { // Determines the CORS request type. CorsResponseDecorator.CORSRequestType requestType = checkRequestType(requestHolder); switch (requestType) { case SIMPLE: // Handles a Simple CORS request. return this.handleSimpleCORS(requestHolder, responseHolder); case ACTUAL: // Handles an Actual CORS request. return this.handleSimpleCORS(requestHolder, responseHolder); case PRE_FLIGHT: // Handles a Pre-flight CORS request. return this.handlePreflightCORS(requestHolder, responseHolder); case NOT_CORS: // Handles a Normal request that is not a cross-origin request. return true; default: // Handles a CORS request that violates specification. return this.handleInvalidCORS(requestHolder, responseHolder); } }
@Override public boolean decorateBinaryResponse(HttpBinaryResponseHolder responseHolder, String requestPath, String requestMethod, int code, String contentType, byte[] payload, MultiMap<String, String> responseHeaders, MultiMap<String, String> requestHeaders, MultiMap<String, String> requestParams) { boolean passedCorsCheck = checkCorsAndContinue( new HttpRequestHolder( contentType, requestMethod, payload, requestPath, requestHeaders, requestParams), new HttpResponseHolder(responseHeaders) ); return passedCorsCheck; }
public CorsResponseDecorator buildResponseDecorator() { return new CorsResponseDecorator(setSensibleDefaults()); }
final HttpResponseHolder response) { CorsResponseDecorator.CORSRequestType requestType = checkRequestType(request); if (!(requestType == CorsResponseDecorator.CORSRequestType.SIMPLE || requestType == CorsResponseDecorator.CORSRequestType.ACTUAL)) { if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response); return false; handleInvalidCORS(request, response); return false; String exposedHeadersString = join(corsSupport.getExposedHeaders(), ","); response.getHeaders().add( CorsResponseDecorator.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS,
@Override public boolean decorateTextResponse(HttpTextResponseHolder responseHolder, String requestPath, String requestMethod, int code, String contentType, String payload, MultiMap<String, String> responseHeaders, MultiMap<String, String> requestHeaders, MultiMap<String, String> requestParams) { boolean passedCorsCheck = checkCorsAndContinue( new HttpRequestHolder( contentType, requestMethod, payload.getBytes(), requestPath, requestHeaders, requestParams), new HttpResponseHolder(responseHeaders) ); return passedCorsCheck; }
@Override public boolean decorateBinaryResponse(HttpBinaryResponseHolder responseHolder, String requestPath, String requestMethod, int code, String contentType, byte[] payload, MultiMap<String, String> responseHeaders, MultiMap<String, String> requestHeaders, MultiMap<String, String> requestParams) { boolean passedCorsCheck = checkCorsAndContinue( new HttpRequestHolder( contentType, requestMethod, payload, requestPath, requestHeaders, requestParams), new HttpResponseHolder(responseHeaders) ); return passedCorsCheck; }