// Adds the six CORS response headers to r from the local values
// origin, methods, exposeHeaders, allowCredentials, allowHeaders and maxAge.
// addHeaderIfNotAdded presumably leaves a header that is already present
// untouched, so earlier values win; confirm against H.Response.
// NOTE(review): how origin is derived is not visible here. If it can be "*"
// while allowCredentials is true, browsers refuse the credentialed response.
// If it echoes the request's Origin, it needs an allow-list check and a
// "Vary: Origin" header. Verify at the call site.
r.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
r.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_METHODS, methods);
r.addHeaderIfNotAdded(ACCESS_CONTROL_EXPOSE_HEADERS, exposeHeaders);
// allowCredentials and maxAge are converted to text with S.string before being sent.
r.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_CREDENTIALS, S.string(allowCredentials));
r.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_HEADERS, allowHeaders);
r.addHeaderIfNotAdded(ACCESS_CONTROL_MAX_AGE, S.string(maxAge));
// Adds the six CORS response headers to r from the local values
// origin, methods, exposeHeaders, allowCredentials, allowHeaders and maxAge.
// addHeaderIfNotAdded presumably leaves a header that is already present
// untouched, so earlier values win; confirm against H.Response.
// NOTE(review): how origin is derived is not visible here. If it can be "*"
// while allowCredentials is true, browsers refuse the credentialed response.
// If it echoes the request's Origin, it needs an allow-list check and a
// "Vary: Origin" header. Verify at the call site.
r.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
r.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_METHODS, methods);
r.addHeaderIfNotAdded(ACCESS_CONTROL_EXPOSE_HEADERS, exposeHeaders);
// allowCredentials and maxAge are converted to text with S.string before being sent.
r.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_CREDENTIALS, S.string(allowCredentials));
r.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_HEADERS, allowHeaders);
r.addHeaderIfNotAdded(ACCESS_CONTROL_MAX_AGE, S.string(maxAge));
/**
 * Adds the Content-Security-Policy response header for the current request.
 *
 * <p>Order of precedence as written: a handler that reports
 * {@code disableContentSecurityPolicy()} suppresses the header entirely
 * (the global policy is not applied either); otherwise a non-blank
 * handler-level policy is added first and the global policy is offered
 * afterwards through {@code applyGlobalCspSetting()}.
 *
 * <p>NOTE(review): the handler-level policy only takes precedence if
 * {@code addHeaderIfNotAdded} skips a header that is already set; confirm
 * against {@code H.Response}. Handlers that disable CSP leave the response
 * without any policy from this method, so they are worth auditing.
 *
 * @return this context, for call chaining
 */
public ActionContext applyContentSecurityPolicy() {
    RequestHandler current = handler();
    if (current != null) {
        if (current.disableContentSecurityPolicy()) {
            // Explicit opt-out: return before the global policy is considered.
            return this;
        }
        String handlerPolicy = current.contentSecurityPolicy();
        if (S.notBlank(handlerPolicy)) {
            resp().addHeaderIfNotAdded(CONTENT_SECURITY_POLICY, handlerPolicy);
        }
    }
    // No handler, or the handler did not opt out: offer the global policy.
    applyGlobalCspSetting();
    return this;
}
/**
 * Adds the application-wide CORS headers from {@code AppConfig} to the response.
 *
 * <p>Nothing is added when this context has {@code disableCors} set or when
 * {@code corsEnabled()} is false. Otherwise Access-Control-Allow-Origin is
 * always added; the allow-headers, allow-credentials, expose-headers and
 * max-age headers are added only for an OPTIONS request or when
 * {@code corsOptionCheck()} is false.
 *
 * <p>NOTE(review): no Access-Control-Allow-Methods header is added here.
 * With {@code corsOptionCheck()} true, non-OPTIONS responses carry only
 * Allow-Origin, although browsers read Allow-Credentials and Expose-Headers
 * on the actual response; confirm that is intended. Also verify that the
 * configured origin cannot be "*" while credentials are allowed.
 */
private void applyGlobalCorsSetting() {
    if (this.disableCors) {
        return;
    }
    AppConfig appConfig = config();
    if (!appConfig.corsEnabled()) {
        return;
    }

    H.Response out = response;
    out.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_ORIGIN, appConfig.corsAllowOrigin());

    // Short-circuit kept: corsOptionCheck() is consulted only for non-OPTIONS requests.
    boolean sendFullSet = request.method() == H.Method.OPTIONS || !appConfig.corsOptionCheck();
    if (!sendFullSet) {
        return;
    }

    out.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_HEADERS, appConfig.corsAllowHeaders());
    out.addHeaderIfNotAdded(
            ACCESS_CONTROL_ALLOW_CREDENTIALS, S.string(appConfig.corsAllowCredentials()));
    out.addHeaderIfNotAdded(ACCESS_CONTROL_EXPOSE_HEADERS, appConfig.corsExposeHeaders());
    out.addHeaderIfNotAdded(ACCESS_CONTROL_MAX_AGE, S.string(appConfig.corsMaxAge()));
}
/**
 * Adds the Content-Security-Policy response header for the current request.
 *
 * <p>Order of precedence as written: a handler that reports
 * {@code disableContentSecurityPolicy()} suppresses the header entirely
 * (the global policy is not applied either); otherwise a non-blank
 * handler-level policy is added first and the global policy is offered
 * afterwards through {@code applyGlobalCspSetting()}.
 *
 * <p>NOTE(review): the handler-level policy only takes precedence if
 * {@code addHeaderIfNotAdded} skips a header that is already set; confirm
 * against {@code H.Response}. Handlers that disable CSP leave the response
 * without any policy from this method, so they are worth auditing.
 *
 * @return this context, for call chaining
 */
public ActionContext applyContentSecurityPolicy() {
    RequestHandler current = handler();
    if (current != null) {
        if (current.disableContentSecurityPolicy()) {
            // Explicit opt-out: return before the global policy is considered.
            return this;
        }
        String handlerPolicy = current.contentSecurityPolicy();
        if (S.notBlank(handlerPolicy)) {
            resp().addHeaderIfNotAdded(CONTENT_SECURITY_POLICY, handlerPolicy);
        }
    }
    // No handler, or the handler did not opt out: offer the global policy.
    applyGlobalCspSetting();
    return this;
}
/**
 * Adds the application-wide CORS headers from {@code AppConfig} to the response.
 *
 * <p>Nothing is added when this context has {@code disableCors} set or when
 * {@code corsEnabled()} is false. Otherwise Access-Control-Allow-Origin is
 * always added; the allow-headers, allow-credentials, expose-headers and
 * max-age headers are added only for an OPTIONS request or when
 * {@code corsOptionCheck()} is false.
 *
 * <p>NOTE(review): no Access-Control-Allow-Methods header is added here.
 * With {@code corsOptionCheck()} true, non-OPTIONS responses carry only
 * Allow-Origin, although browsers read Allow-Credentials and Expose-Headers
 * on the actual response; confirm that is intended. Also verify that the
 * configured origin cannot be "*" while credentials are allowed.
 */
private void applyGlobalCorsSetting() {
    if (this.disableCors) {
        return;
    }
    AppConfig appConfig = config();
    if (!appConfig.corsEnabled()) {
        return;
    }

    H.Response out = response;
    out.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_ORIGIN, appConfig.corsAllowOrigin());

    // Short-circuit kept: corsOptionCheck() is consulted only for non-OPTIONS requests.
    boolean sendFullSet = request.method() == H.Method.OPTIONS || !appConfig.corsOptionCheck();
    if (!sendFullSet) {
        return;
    }

    out.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_HEADERS, appConfig.corsAllowHeaders());
    out.addHeaderIfNotAdded(
            ACCESS_CONTROL_ALLOW_CREDENTIALS, S.string(appConfig.corsAllowCredentials()));
    out.addHeaderIfNotAdded(ACCESS_CONTROL_EXPOSE_HEADERS, appConfig.corsExposeHeaders());
    out.addHeaderIfNotAdded(ACCESS_CONTROL_MAX_AGE, S.string(appConfig.corsMaxAge()));
}
/**
 * Adds the application-wide Content-Security-Policy header, if one is configured.
 *
 * <p>A blank configured policy adds nothing. The header goes through
 * {@code addHeaderIfNotAdded}, which presumably keeps a policy that is
 * already on the response; confirm against {@code H.Response}.
 */
private void applyGlobalCspSetting() {
    String globalPolicy = config().contentSecurityPolicy();
    if (!S.blank(globalPolicy)) {
        resp().addHeaderIfNotAdded(CONTENT_SECURITY_POLICY, globalPolicy);
    }
}
/**
 * Adds the application-wide Content-Security-Policy header, if one is configured.
 *
 * <p>A blank configured policy adds nothing. The header goes through
 * {@code addHeaderIfNotAdded}, which presumably keeps a policy that is
 * already on the response; confirm against {@code H.Response}.
 */
private void applyGlobalCspSetting() {
    String globalPolicy = config().contentSecurityPolicy();
    if (!S.blank(globalPolicy)) {
        resp().addHeaderIfNotAdded(CONTENT_SECURITY_POLICY, globalPolicy);
    }
}