allowedMethods.add(HttpMethod.PUT); router.route().handler(CorsHandler.create("*").allowedHeaders(allowedHeaders).allowedMethods(allowedMethods));
/** * Add a set of allowed headers * @param headerNames the allowed header names * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.CorsHandler allowedHeaders(Set<String> headerNames) { delegate.allowedHeaders(headerNames); return this; }
/** * Add a set of allowed headers * @param headerNames the allowed header names * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.CorsHandler allowedHeaders(Set<String> headerNames) { delegate.allowedHeaders(headerNames); return this; }
@Test public void testPreflightAllowedHeaders() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); Set<String> allowedHeaders = new LinkedHashSet<>(Arrays.asList("X-wibble", "X-blah")); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).allowedHeaders(allowedHeaders)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); req.headers().add("access-control-request-headers", allowedHeaders); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", "X-wibble,X-blah", null), 200, "OK", null); }
/** * Support CORS */ void mountCorsHandler(Router mainRouter) { if (!TransportConfig.isCorsEnabled()) { return; } CorsHandler corsHandler = getCorsHandler(TransportConfig.getCorsAllowedOrigin()); // Access-Control-Allow-Credentials corsHandler.allowCredentials(TransportConfig.isCorsAllowCredentials()); // Access-Control-Allow-Headers corsHandler.allowedHeaders(TransportConfig.getCorsAllowedHeaders()); // Access-Control-Allow-Methods Set<String> allowedMethods = TransportConfig.getCorsAllowedMethods(); for (String method : allowedMethods) { corsHandler.allowedMethod(HttpMethod.valueOf(method)); } // Access-Control-Expose-Headers corsHandler.exposedHeaders(TransportConfig.getCorsExposedHeaders()); // Access-Control-Max-Age int maxAge = TransportConfig.getCorsMaxAge(); if (maxAge >= 0) { corsHandler.maxAgeSeconds(maxAge); } LOGGER.info("mount CorsHandler"); mainRouter.route().handler(corsHandler); }
@Test public void testChaining() throws Exception { CorsHandler cors = CorsHandler.create("*"); assertNotNull(cors); assertSame(cors, cors.allowedMethod(HttpMethod.POST)); assertSame(cors, cors.allowedMethod(HttpMethod.DELETE)); assertSame(cors, cors.allowedMethods(new HashSet<>())); assertSame(cors, cors.allowedHeader("X-foo")); assertSame(cors, cors.allowedHeader("X-bar")); assertSame(cors, cors.allowedHeaders(new HashSet<>())); assertSame(cors, cors.exposedHeader("X-wibble")); assertSame(cors, cors.exposedHeader("X-blah")); assertSame(cors, cors.exposedHeaders(new HashSet<>())); }
private void addCorsHandler(Router router) { router.route().handler(CorsHandler.create("*") .allowedHeaders(new HashSet<>(Arrays.asList("Content-Type", "X-HTTP-Method-Override", "X-XSRF-TOKEN"))) .allowedMethods(Stream.of(HttpMethod.values()).collect(Collectors.toSet()))); }
/** * Enable CORS support. * * @param router router instance */ protected void enableCorsSupport(Router router) { Set<String> allowHeaders = new HashSet<>(); allowHeaders.add("x-requested-with"); allowHeaders.add("Access-Control-Allow-Origin"); allowHeaders.add("origin"); allowHeaders.add("Content-Type"); allowHeaders.add("accept"); Set<HttpMethod> allowMethods = new HashSet<>(); allowMethods.add(HttpMethod.GET); allowMethods.add(HttpMethod.PUT); allowMethods.add(HttpMethod.OPTIONS); allowMethods.add(HttpMethod.POST); allowMethods.add(HttpMethod.DELETE); allowMethods.add(HttpMethod.PATCH); router.route().handler(CorsHandler.create("*") .allowedHeaders(allowHeaders) .allowedMethods(allowMethods)); }
private io.vertx.ext.web.handler.CorsHandler corsHandler() { return io.vertx.ext.web.handler.CorsHandler .create(environment.getProperty("http.cors.allow-origin", String.class, "*")) .allowedHeaders(getStringPropertiesAsList("http.cors.allow-headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, If-Match, x-xsrf-token")) .allowedMethods(getHttpMethodPropertiesAsList("http.cors.allow-methods", "GET, POST")) .maxAgeSeconds(environment.getProperty("http.cors.max-age", Integer.class, 86400)); }
private io.vertx.ext.web.handler.CorsHandler corsHandler() { return io.vertx.ext.web.handler.CorsHandler .create(environment.getProperty("http.cors.allow-origin", String.class, "*")) .allowedHeaders(getStringPropertiesAsList("http.cors.allow-headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, If-Match, x-xsrf-token")) .allowedMethods(getHttpMethodPropertiesAsList("http.cors.allow-methods", "GET, POST")) .maxAgeSeconds(environment.getProperty("http.cors.max-age", Integer.class, 86400)); }
/** * Enables CORS * * @param allowedOriginPattern allowed origin * @param allowCredentials allow credentials (true/false) * @param maxAge in seconds * @param allowedHeaders set of allowed headers * @param methods list of methods ... if empty all methods are allowed @return self * @return self */ public RestBuilder enableCors(String allowedOriginPattern, boolean allowCredentials, int maxAge, Set<String> allowedHeaders, HttpMethod... methods) { corsHandler = CorsHandler.create(allowedOriginPattern) .allowCredentials(allowCredentials) .maxAgeSeconds(maxAge); if (methods == null || methods.length == 0) { // if not given than all methods = HttpMethod.values(); } for (HttpMethod method : methods) { corsHandler.allowedMethod(method); } if (allowedHeaders.size() > 0) { corsHandler.allowedHeaders(allowedHeaders); } return this; }
@Test public void testPreflightAllowedHeaders() throws Exception { Set<HttpMethod> allowedMethods = new LinkedHashSet<>(Arrays.asList(HttpMethod.PUT, HttpMethod.DELETE)); Set<String> allowedHeaders = new LinkedHashSet<>(Arrays.asList("X-wibble", "X-blah")); router.route().handler(CorsHandler.create("vertx\\.io").allowedMethods(allowedMethods).allowedHeaders(allowedHeaders)); router.route().handler(context -> context.response().end()); testRequest(HttpMethod.OPTIONS, "/", req -> { req.headers().add("origin", "vertx.io"); req.headers().add("access-control-request-method", "PUT,DELETE"); req.headers().add("access-control-request-headers", allowedHeaders); }, resp -> checkHeaders(resp, "vertx.io", "PUT,DELETE", "X-wibble,X-blah", null), 200, "OK", null); }
/** * @param router to add handler to * @param allowedOriginPattern origin pattern * @param allowCredentials allowed credentials * @param maxAge in seconds * @param allowedHeaders set of headers or null for none * @param methods list of methods or empty for all */ public void enableCors(Router router, String allowedOriginPattern, boolean allowCredentials, int maxAge, Set<String> allowedHeaders, HttpMethod... methods) { CorsHandler handler = CorsHandler.create(allowedOriginPattern) .allowCredentials(allowCredentials) .maxAgeSeconds(maxAge); if (methods == null || methods.length == 0) { // if not given than all methods = HttpMethod.values(); } for (HttpMethod method : methods) { handler.allowedMethod(method); } handler.allowedHeaders(allowedHeaders); router.route().handler(handler).order(ORDER_CORS_HANDLER); }
/** * Support CORS */ void mountCorsHandler(Router mainRouter) { if (!TransportConfig.isCorsEnabled()) { return; } CorsHandler corsHandler = getCorsHandler(TransportConfig.getCorsAllowedOrigin()); // Access-Control-Allow-Credentials corsHandler.allowCredentials(TransportConfig.isCorsAllowCredentials()); // Access-Control-Allow-Headers corsHandler.allowedHeaders(TransportConfig.getCorsAllowedHeaders()); // Access-Control-Allow-Methods Set<String> allowedMethods = TransportConfig.getCorsAllowedMethods(); for (String method : allowedMethods) { corsHandler.allowedMethod(HttpMethod.valueOf(method)); } // Access-Control-Expose-Headers corsHandler.exposedHeaders(TransportConfig.getCorsExposedHeaders()); // Access-Control-Max-Age int maxAge = TransportConfig.getCorsMaxAge(); if (maxAge >= 0) { corsHandler.maxAgeSeconds(maxAge); } LOGGER.info("mount CorsHandler"); mainRouter.route().handler(corsHandler); }
corsHandler.allowedHeader((String)allowHeaders); } else if (allowHeaders instanceof JsonArray) { corsHandler.allowedHeaders(Seq.seq((JsonArray)allowHeaders) .cast(String.class).toSet()); } else if (allowHeaders != null) {
@Test public void testChaining() throws Exception { CorsHandler cors = CorsHandler.create("*"); assertNotNull(cors); assertSame(cors, cors.allowedMethod(HttpMethod.POST)); assertSame(cors, cors.allowedMethod(HttpMethod.DELETE)); assertSame(cors, cors.allowedMethods(new HashSet<>())); assertSame(cors, cors.allowedHeader("X-foo")); assertSame(cors, cors.allowedHeader("X-bar")); assertSame(cors, cors.allowedHeaders(new HashSet<>())); assertSame(cors, cors.exposedHeader("X-wibble")); assertSame(cors, cors.exposedHeader("X-blah")); assertSame(cors, cors.exposedHeaders(new HashSet<>())); }
.handler(CorsHandler.create("*") .allowCredentials(false) .allowedHeaders(new HashSet<String>() {
.handler(CorsHandler.create("*") .allowCredentials(false) .allowedHeaders(new HashSet<String>() {