CORSConfiguration create(PathConfiguration pathConfiguration) { return new CORSConfiguration(pathConfiguration, allowedOrigins, allowedMethods, allowedHeaders, exposedHeaders, allowCredentials, allowAnyOrigin, allowAnyHeader, this.allowAnyMethod, maxAge); } }
Set<String> allowedOrigins = this.corsConfiguration.getAllowedOrigins(); Set<String> allowedMethods = this.corsConfiguration.getAllowedMethods(); Set<String> allowedHeaders = this.corsConfiguration.getAllowedHeaders(); Set<String> exposedHeaders = this.corsConfiguration.getExposedHeaders(); boolean allowCredentials = this.corsConfiguration.isAllowCredentials(); boolean allowAnyOrigin = this.corsConfiguration.isAllowAnyOrigin(); boolean allowAnyHeader = this.corsConfiguration.isAllowAnyHeader(); boolean allowAnyMethod = this.corsConfiguration.isAllowAnyMethod(); long maxAge = this.corsConfiguration.getMaxAge(); allowedOrigins = groupCORSAuthz.getAllowedOrigins(); allowedMethods = groupCORSAuthz.getAllowedMethods(); allowedHeaders = groupCORSAuthz.getAllowedHeaders(); exposedHeaders = groupCORSAuthz.getExposedHeaders(); allowCredentials = groupCORSAuthz.isAllowCredentials(); maxAge = groupCORSAuthz.getMaxAge(); return new CORSConfiguration(this, allowedOrigins, allowedMethods, allowedHeaders, exposedHeaders, allowCredentials, allowAnyOrigin, allowAnyHeader, allowAnyMethod, maxAge); } else if (groupCORSAuthz != null) {
Set<String> allowedOrigins = corsConfiguration.getAllowedOrigins(); && !corsConfiguration.isAllowAnyOrigin())) { HTTP_LOGGER.debug("CORS origin denied " + requestOrigin); throw new RuntimeException("CORS origin denied " + requestOrigin); if (!corsConfiguration.isAllowAnyMethod()) { final String method = request.getMethod().toUpperCase(); Set<String> allowedMethods = corsConfiguration.getAllowedMethods(); if (corsConfiguration.isAllowCredentials()) { response.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); response.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, requestOrigin); } else { if (corsConfiguration.isAllowAnyOrigin()) { response.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD); } else { Set<String> exposedHeaders = corsConfiguration.getExposedHeaders();
Set<String> allowedOrigins = this.corsConfiguration.getAllowedOrigins(); Set<String> allowedMethods = this.corsConfiguration.getAllowedMethods(); Set<String> allowedHeaders = this.corsConfiguration.getAllowedHeaders(); Set<String> exposedHeaders = this.corsConfiguration.getExposedHeaders(); boolean allowCredentials = this.corsConfiguration.isAllowCredentials(); boolean allowAnyOrigin = this.corsConfiguration.isAllowAnyOrigin(); boolean allowAnyHeader = this.corsConfiguration.isAllowAnyHeader(); boolean allowAnyMethod = this.corsConfiguration.isAllowAnyMethod(); long maxAge = this.corsConfiguration.getMaxAge(); allowedOrigins = groupCORSAuthz.getAllowedOrigins(); allowedMethods = groupCORSAuthz.getAllowedMethods(); allowedHeaders = groupCORSAuthz.getAllowedHeaders(); exposedHeaders = groupCORSAuthz.getExposedHeaders(); allowCredentials = groupCORSAuthz.isAllowCredentials(); maxAge = groupCORSAuthz.getMaxAge(); return new CORSConfiguration(this, allowedOrigins, allowedMethods, allowedHeaders, exposedHeaders, allowCredentials, allowAnyOrigin, allowAnyHeader, allowAnyMethod, maxAge); } else if (groupCORSAuthz != null) {
Set<String> allowedOrigins = corsConfiguration.getAllowedOrigins(); && !corsConfiguration.isAllowAnyOrigin())) { HTTP_LOGGER.debug("CORS origin denied " + requestOrigin); throw new RuntimeException("CORS origin denied " + requestOrigin); if (!corsConfiguration.isAllowAnyMethod()) { final String method = request.getMethod().toUpperCase(); Set<String> allowedMethods = corsConfiguration.getAllowedMethods(); if (corsConfiguration.isAllowCredentials()) { response.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); response.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, requestOrigin); } else { if (corsConfiguration.isAllowAnyOrigin()) { response.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD); } else { Set<String> exposedHeaders = corsConfiguration.getExposedHeaders();
Set<String> allowedOrigins = this.corsConfiguration.getAllowedOrigins(); Set<String> allowedMethods = this.corsConfiguration.getAllowedMethods(); Set<String> allowedHeaders = this.corsConfiguration.getAllowedHeaders(); Set<String> exposedHeaders = this.corsConfiguration.getExposedHeaders(); boolean allowCredentials = this.corsConfiguration.isAllowCredentials(); boolean allowAnyOrigin = this.corsConfiguration.isAllowAnyOrigin(); boolean allowAnyHeader = this.corsConfiguration.isAllowAnyHeader(); boolean allowAnyMethod = this.corsConfiguration.isAllowAnyMethod(); long maxAge = this.corsConfiguration.getMaxAge(); allowedOrigins = groupCORSAuthz.getAllowedOrigins(); allowedMethods = groupCORSAuthz.getAllowedMethods(); allowedHeaders = groupCORSAuthz.getAllowedHeaders(); exposedHeaders = groupCORSAuthz.getExposedHeaders(); allowCredentials = groupCORSAuthz.isAllowCredentials(); maxAge = groupCORSAuthz.getMaxAge(); return new CORSConfiguration(this, allowedOrigins, allowedMethods, allowedHeaders, exposedHeaders, allowCredentials, allowAnyOrigin, allowAnyHeader, allowAnyMethod, maxAge); } else if (groupCORSAuthz != null) {
Set<String> allowedOrigins = corsConfiguration.getAllowedOrigins(); && !corsConfiguration.isAllowAnyOrigin())) { HTTP_LOGGER.debug("CORS origin denied " + requestOrigin); throw new RuntimeException("CORS origin denied " + requestOrigin); if (!corsConfiguration.isAllowAnyMethod()) { final String method = request.getMethod().toUpperCase(); Set<String> allowedMethods = corsConfiguration.getAllowedMethods(); if (corsConfiguration.isAllowCredentials()) { response.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); response.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, requestOrigin); } else { if (corsConfiguration.isAllowAnyOrigin()) { response.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD); } else { Set<String> exposedHeaders = corsConfiguration.getExposedHeaders();
CORSConfiguration create(PathConfiguration pathConfiguration) { return new CORSConfiguration(pathConfiguration, allowedOrigins, allowedMethods, allowedHeaders, exposedHeaders, allowCredentials, allowAnyOrigin, allowAnyHeader, this.allowAnyMethod, maxAge); } }
boolean allowAnyOrigin = corsConfiguration.isAllowAnyOrigin(); Set<String> allowedOrigins = corsConfiguration.getAllowedOrigins(); Set<String> allowedMethods = corsConfiguration.getAllowedMethods(); if (!corsConfiguration.isAllowAnyMethod()) { String requestMethodHeader = request.getHeader(ACCESS_CONTROL_REQUEST_METHOD); String requestedMethod = requestMethodHeader.toUpperCase(); Set<String> allowedHeaders = corsConfiguration.getAllowedHeaders(); if (!corsConfiguration.isAllowAnyHeader()) { for (String requestHeader : requestHeaders) { if (!allowedHeaders.contains(requestHeader)) { if (corsConfiguration.isAllowCredentials()) { response.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); response.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, requestOrigin); long maxAge = corsConfiguration.getMaxAge(); if (corsConfiguration.isAllowAnyHeader() && rawRequestHeadersString != null) { response.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, rawRequestHeadersString); } else if (allowedHeaders != null && !allowedHeaders.isEmpty()) {
CORSConfiguration create(PathConfiguration pathConfiguration) { return new CORSConfiguration(pathConfiguration, allowedOrigins, allowedMethods, allowedHeaders, exposedHeaders, allowCredentials, allowAnyOrigin, allowAnyHeader, this.allowAnyMethod, maxAge); } }
boolean allowAnyOrigin = corsConfiguration.isAllowAnyOrigin(); Set<String> allowedOrigins = corsConfiguration.getAllowedOrigins(); Set<String> allowedMethods = corsConfiguration.getAllowedMethods(); if (!corsConfiguration.isAllowAnyMethod()) { String requestMethodHeader = request.getHeader(ACCESS_CONTROL_REQUEST_METHOD); String requestedMethod = requestMethodHeader.toUpperCase(); Set<String> allowedHeaders = corsConfiguration.getAllowedHeaders(); if (!corsConfiguration.isAllowAnyHeader()) { for (String requestHeader : requestHeaders) { if (!allowedHeaders.contains(requestHeader)) { if (corsConfiguration.isAllowCredentials()) { response.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); response.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, requestOrigin); long maxAge = corsConfiguration.getMaxAge(); if (corsConfiguration.isAllowAnyHeader() && rawRequestHeadersString != null) { response.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, rawRequestHeadersString); } else if (allowedHeaders != null && !allowedHeaders.isEmpty()) {
boolean allowAnyOrigin = corsConfiguration.isAllowAnyOrigin(); Set<String> allowedOrigins = corsConfiguration.getAllowedOrigins(); Set<String> allowedMethods = corsConfiguration.getAllowedMethods(); if (!corsConfiguration.isAllowAnyMethod()) { String requestMethodHeader = request.getHeader(ACCESS_CONTROL_REQUEST_METHOD); String requestedMethod = requestMethodHeader.toUpperCase(); Set<String> allowedHeaders = corsConfiguration.getAllowedHeaders(); if (!corsConfiguration.isAllowAnyHeader()) { for (String requestHeader : requestHeaders) { if (!allowedHeaders.contains(requestHeader)) { if (corsConfiguration.isAllowCredentials()) { response.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); response.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, requestOrigin); long maxAge = corsConfiguration.getMaxAge(); if (corsConfiguration.isAllowAnyHeader() && rawRequestHeadersString != null) { response.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, rawRequestHeadersString); } else if (allowedHeaders != null && !allowedHeaders.isEmpty()) {