CorsFilter.CORSRequestType requestType = checkRequestType(request); CorsFilter.decorateCORSProperties(request, requestType); this.handleSimpleCORS(request, response, filterChain); break; case PRE_FLIGHT: this.handlePreflightCORS(request, response, filterChain); break; case NOT_CORS: this.handleNonCORS(request, response, filterChain); break; default: this.handleInvalidCORS(request, response, filterChain); break;
throws IOException, ServletException { CorsFilter.CORSRequestType requestType = checkRequestType(request); if (!(requestType == CorsFilter.CORSRequestType.SIMPLE || requestType == CorsFilter.CORSRequestType.ACTUAL)) { if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response, filterChain); return; handleInvalidCORS(request, response, filterChain); return; addStandardHeaders(request, response);
/**
 * Configures the filter by resolving the seven CORS init parameters and
 * passing them to {@code parseAndStore} in a single call.
 *
 * <p>Each lookup passes the matching {@code DEFAULT_*} constant as its second
 * argument. The two-argument {@code getInitParameter} helper is defined
 * outside this view; presumably it returns that default when the parameter
 * is not configured (confirm against the helper).
 *
 * <p>NOTE(review): the {@code DEFAULT_*} values are not visible here. They
 * become the effective policy for every parameter a deployment omits, so
 * confirm that the default allowed-origins value together with the default
 * supports-credentials value is no broader than intended.
 *
 * @throws ServletException declared by the signature; presumably raised by
 *         {@code parseAndStore} when a value cannot be parsed (confirm)
 */
@Override
public void init() throws ServletException {
    // Resolve in the same order as the parseAndStore parameter list.
    final String allowedOrigins =
            getInitParameter(PARAM_CORS_ALLOWED_ORIGINS, DEFAULT_ALLOWED_ORIGINS);
    final String allowedMethods =
            getInitParameter(PARAM_CORS_ALLOWED_METHODS, DEFAULT_ALLOWED_HTTP_METHODS);
    final String allowedHeaders =
            getInitParameter(PARAM_CORS_ALLOWED_HEADERS, DEFAULT_ALLOWED_HTTP_HEADERS);
    final String exposedHeaderNames =
            getInitParameter(PARAM_CORS_EXPOSED_HEADERS, DEFAULT_EXPOSED_HEADERS);
    final String supportsCredentials =
            getInitParameter(PARAM_CORS_SUPPORT_CREDENTIALS, DEFAULT_SUPPORTS_CREDENTIALS);
    final String preflightMaxAge =
            getInitParameter(PARAM_CORS_PREFLIGHT_MAXAGE, DEFAULT_PREFLIGHT_MAXAGE);
    final String decorateRequest =
            getInitParameter(PARAM_CORS_REQUEST_DECORATE, DEFAULT_DECORATE_REQUEST);

    parseAndStore(allowedOrigins, allowedMethods, allowedHeaders, exposedHeaderNames,
            supportsCredentials, preflightMaxAge, decorateRequest);
}
throws IOException, ServletException { CorsFilter.CORSRequestType requestType = checkRequestType(request); if (!(requestType == CorsFilter.CORSRequestType.SIMPLE || requestType == CorsFilter.CORSRequestType.ACTUAL)) { if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response, filterChain); return; handleInvalidCORS(request, response, filterChain); return; String exposedHeadersString = join(exposedHeaders, ","); response.addHeader( CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS,
if (originHeader.isEmpty()) { requestType = CORSRequestType.INVALID_CORS; } else if (!isValidOrigin(originHeader)) { requestType = CORSRequestType.INVALID_CORS; } else if (isLocalOrigin(request, originHeader)) { return CORSRequestType.NOT_CORS; } else { requestType = CORSRequestType.SIMPLE; } else if ("POST".equals(method)) { String mediaType = getMediaType(request.getContentType()); if (mediaType != null) { if (SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES
/**
 * Initializes the CORS configuration in two passes: first from the
 * {@code DEFAULT_*} constants, then, when a {@link FilterConfig} is supplied,
 * from the init parameters it carries.
 *
 * <p>{@code FilterConfig.getInitParameter} returns {@code null} for a
 * parameter that is not configured, so the second {@code parseAndStore} call
 * can receive {@code null} arguments. How {@code parseAndStore} treats a
 * {@code null} is not visible here; presumably it keeps the value stored by
 * the first pass (confirm against {@code parseAndStore}).
 *
 * <p>NOTE(review): the {@code DEFAULT_*} values are defined outside this view.
 * They stay in effect for every parameter the deployment omits, so confirm
 * that the default allowed-origins value together with the default
 * supports-credentials value is no broader than intended.
 *
 * @param filterConfig the container-supplied configuration; may be
 *        {@code null}, in which case only the defaults are applied
 * @throws ServletException declared by the signature; presumably raised by
 *         {@code parseAndStore} when a value cannot be parsed (confirm)
 */
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
    // First pass: seed every setting from the built-in defaults.
    parseAndStore(
            DEFAULT_ALLOWED_ORIGINS,
            DEFAULT_ALLOWED_HTTP_METHODS,
            DEFAULT_ALLOWED_HTTP_HEADERS,
            DEFAULT_EXPOSED_HEADERS,
            DEFAULT_SUPPORTS_CREDENTIALS,
            DEFAULT_PREFLIGHT_MAXAGE,
            DEFAULT_DECORATE_REQUEST);

    // Without a FilterConfig there is nothing to overlay on the defaults.
    if (filterConfig == null) {
        return;
    }

    // Second pass: hand over whatever the deployment configured. The lookups
    // are evaluated in parameter order, before parseAndStore is invoked.
    parseAndStore(
            filterConfig.getInitParameter(PARAM_CORS_ALLOWED_ORIGINS),
            filterConfig.getInitParameter(PARAM_CORS_ALLOWED_METHODS),
            filterConfig.getInitParameter(PARAM_CORS_ALLOWED_HEADERS),
            filterConfig.getInitParameter(PARAM_CORS_EXPOSED_HEADERS),
            filterConfig.getInitParameter(PARAM_CORS_SUPPORT_CREDENTIALS),
            filterConfig.getInitParameter(PARAM_CORS_PREFLIGHT_MAXAGE),
            filterConfig.getInitParameter(PARAM_CORS_REQUEST_DECORATE));
}
if (originHeader.isEmpty()) { requestType = CORSRequestType.INVALID_CORS; } else if (!isValidOrigin(originHeader)) { requestType = CORSRequestType.INVALID_CORS; } else {
String exposedHeadersString = join(exposedHeaders, ","); response.addHeader(CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeadersString); response.addHeader( CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS, join(allowedHttpMethods, ",")); response.addHeader( CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, join(allowedHttpHeaders, ","));
throws IOException, ServletException { CorsFilter.CORSRequestType requestType = checkRequestType(request); if (!(requestType == CorsFilter.CORSRequestType.SIMPLE || requestType == CorsFilter.CORSRequestType.ACTUAL)) { if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response, filterChain); return; handleInvalidCORS(request, response, filterChain); return; String exposedHeadersString = join(exposedHeaders, ","); response.addHeader( CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS,
if (originHeader.isEmpty()) { requestType = CORSRequestType.INVALID_CORS; } else if (!isValidOrigin(originHeader)) { requestType = CORSRequestType.INVALID_CORS; } else if (isLocalOrigin(request, originHeader)) { return CORSRequestType.NOT_CORS; } else { requestType = CORSRequestType.SIMPLE; } else if ("POST".equals(method)) { String mediaType = getMediaType(request.getContentType()); if (mediaType != null) { if (SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES
/**
 * Initializes the CORS configuration in two passes: first from the
 * {@code DEFAULT_*} constants, then, when a {@link FilterConfig} is supplied,
 * from the init parameters it carries.
 *
 * <p>{@code FilterConfig.getInitParameter} returns {@code null} for a
 * parameter that is not configured, so the second {@code parseAndStore} call
 * can receive {@code null} arguments. How {@code parseAndStore} treats a
 * {@code null} is not visible here; presumably it keeps the value stored by
 * the first pass (confirm against {@code parseAndStore}).
 *
 * <p>NOTE(review): the {@code DEFAULT_*} values are defined outside this view.
 * They stay in effect for every parameter the deployment omits, so confirm
 * that the default allowed-origins value together with the default
 * supports-credentials value is no broader than intended.
 *
 * @param filterConfig the container-supplied configuration; may be
 *        {@code null}, in which case only the defaults are applied
 * @throws ServletException declared by the signature; presumably raised by
 *         {@code parseAndStore} when a value cannot be parsed (confirm)
 */
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
    // First pass: seed every setting from the built-in defaults.
    parseAndStore(
            DEFAULT_ALLOWED_ORIGINS,
            DEFAULT_ALLOWED_HTTP_METHODS,
            DEFAULT_ALLOWED_HTTP_HEADERS,
            DEFAULT_EXPOSED_HEADERS,
            DEFAULT_SUPPORTS_CREDENTIALS,
            DEFAULT_PREFLIGHT_MAXAGE,
            DEFAULT_DECORATE_REQUEST);

    // Without a FilterConfig there is nothing to overlay on the defaults.
    if (filterConfig == null) {
        return;
    }

    // Second pass: hand over whatever the deployment configured. The lookups
    // are evaluated in parameter order, before parseAndStore is invoked.
    parseAndStore(
            filterConfig.getInitParameter(PARAM_CORS_ALLOWED_ORIGINS),
            filterConfig.getInitParameter(PARAM_CORS_ALLOWED_METHODS),
            filterConfig.getInitParameter(PARAM_CORS_ALLOWED_HEADERS),
            filterConfig.getInitParameter(PARAM_CORS_EXPOSED_HEADERS),
            filterConfig.getInitParameter(PARAM_CORS_SUPPORT_CREDENTIALS),
            filterConfig.getInitParameter(PARAM_CORS_PREFLIGHT_MAXAGE),
            filterConfig.getInitParameter(PARAM_CORS_REQUEST_DECORATE));
}
if (originHeader.isEmpty()) { requestType = CORSRequestType.INVALID_CORS; } else if (!isValidOrigin(originHeader)) { requestType = CORSRequestType.INVALID_CORS; } else {
String exposedHeadersString = join(exposedHeaders, ","); response.addHeader(CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeadersString); response.addHeader( CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS, join(allowedHttpMethods, ",")); response.addHeader( CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, join(allowedHttpHeaders, ","));
CorsFilter.CORSRequestType requestType = checkRequestType(request); CorsFilter.decorateCORSProperties(request, requestType); this.handleSimpleCORS(request, response, filterChain); break; case ACTUAL: this.handleSimpleCORS(request, response, filterChain); break; case PRE_FLIGHT: this.handlePreflightCORS(request, response, filterChain); break; case NOT_CORS: this.handleNonCORS(request, response, filterChain); break; default: this.handleInvalidCORS(request, response, filterChain); break;
throws IOException, ServletException { CORSRequestType requestType = checkRequestType(request); if (requestType != CORSRequestType.PRE_FLIGHT) { throw new IllegalArgumentException( if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response, filterChain); return; if (accessControlRequestMethod == null || !HTTP_METHODS.contains(accessControlRequestMethod.trim())) { handleInvalidCORS(request, response, filterChain); return; } else { handleInvalidCORS(request, response, filterChain); return; for (String header : accessControlRequestHeaders) { if (!allowedHttpHeaders.contains(header)) { handleInvalidCORS(request, response, filterChain); return; response.addHeader( CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, join(allowedHttpHeaders, ","));
throws IOException, ServletException { CorsFilter.CORSRequestType requestType = checkRequestType(request); if (!(requestType == CorsFilter.CORSRequestType.SIMPLE || requestType == CorsFilter.CORSRequestType.ACTUAL)) { if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response, filterChain); return; handleInvalidCORS(request, response, filterChain); return; addStandardHeaders(request, response);
/**
 * Configures the filter by resolving the seven CORS init parameters and
 * passing them to {@code parseAndStore} in a single call.
 *
 * <p>Each lookup passes the matching {@code DEFAULT_*} constant as its second
 * argument. The two-argument {@code getInitParameter} helper is defined
 * outside this view; presumably it returns that default when the parameter
 * is not configured (confirm against the helper).
 *
 * <p>NOTE(review): the {@code DEFAULT_*} values are not visible here. They
 * become the effective policy for every parameter a deployment omits, so
 * confirm that the default allowed-origins value together with the default
 * supports-credentials value is no broader than intended.
 *
 * @throws ServletException declared by the signature; presumably raised by
 *         {@code parseAndStore} when a value cannot be parsed (confirm)
 */
@Override
public void init() throws ServletException {
    // Resolve in the same order as the parseAndStore parameter list.
    final String allowedOrigins =
            getInitParameter(PARAM_CORS_ALLOWED_ORIGINS, DEFAULT_ALLOWED_ORIGINS);
    final String allowedMethods =
            getInitParameter(PARAM_CORS_ALLOWED_METHODS, DEFAULT_ALLOWED_HTTP_METHODS);
    final String allowedHeaders =
            getInitParameter(PARAM_CORS_ALLOWED_HEADERS, DEFAULT_ALLOWED_HTTP_HEADERS);
    final String exposedHeaderNames =
            getInitParameter(PARAM_CORS_EXPOSED_HEADERS, DEFAULT_EXPOSED_HEADERS);
    final String supportsCredentials =
            getInitParameter(PARAM_CORS_SUPPORT_CREDENTIALS, DEFAULT_SUPPORTS_CREDENTIALS);
    final String preflightMaxAge =
            getInitParameter(PARAM_CORS_PREFLIGHT_MAXAGE, DEFAULT_PREFLIGHT_MAXAGE);
    final String decorateRequest =
            getInitParameter(PARAM_CORS_REQUEST_DECORATE, DEFAULT_DECORATE_REQUEST);

    parseAndStore(allowedOrigins, allowedMethods, allowedHeaders, exposedHeaderNames,
            supportsCredentials, preflightMaxAge, decorateRequest);
}
CorsFilter.CORSRequestType requestType = checkRequestType(request); CorsFilter.decorateCORSProperties(request, requestType); this.handleSimpleCORS(request, response, filterChain); break; case ACTUAL: this.handleSimpleCORS(request, response, filterChain); break; case PRE_FLIGHT: this.handlePreflightCORS(request, response, filterChain); break; case NOT_CORS: this.handleNonCORS(request, response, filterChain); break; default: this.handleInvalidCORS(request, response, filterChain); break;
throws IOException, ServletException { CORSRequestType requestType = checkRequestType(request); if (requestType != CORSRequestType.PRE_FLIGHT) { throw new IllegalArgumentException( if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response, filterChain); return; if (accessControlRequestMethod == null || !HTTP_METHODS.contains(accessControlRequestMethod.trim())) { handleInvalidCORS(request, response, filterChain); return; } else { handleInvalidCORS(request, response, filterChain); return; for (String header : accessControlRequestHeaders) { if (!allowedHttpHeaders.contains(header)) { handleInvalidCORS(request, response, filterChain); return; response.addHeader( CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, join(allowedHttpHeaders, ","));
throws IOException, ServletException { CORSRequestType requestType = checkRequestType(request); if (requestType != CORSRequestType.PRE_FLIGHT) { throw new IllegalArgumentException(sm.getString("corsFilter.wrongType1", if (!isOriginAllowed(origin)) { handleInvalidCORS(request, response, filterChain); return; CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD); if (accessControlRequestMethod == null) { handleInvalidCORS(request, response, filterChain); return; } else { handleInvalidCORS(request, response, filterChain); return; for (String header : accessControlRequestHeaders) { if (!allowedHttpHeaders.contains(header)) { handleInvalidCORS(request, response, filterChain); return; addStandardHeaders(request, response);