/**
 * Declare which request headers a preflight request may name as permitted
 * for the actual request that follows. Passing the special value
 * {@code "*"} permits every header.
 * <p>The CORS spec does not require these header names to be listed:
 * {@code Cache-Control}, {@code Content-Language}, {@code Expires},
 * {@code Last-Modified}, and {@code Pragma}.
 * <p>By default all headers are allowed, so a narrower policy only takes
 * effect once this method is called with an explicit list.
 * @param headers the header names to allow
 * @return this registration, so that calls can be chained
 */
public CorsRegistration allowedHeaders(String... headers) {
    // Arrays.asList is a fixed-size view over the varargs array; whether the
    // configuration copies it is decided by setAllowedHeaders (not visible here).
    config.setAllowedHeaders(Arrays.asList(headers));
    return this;
}
/**
 * Add one more request header name to the allowed set.
 * @param allowedHeader the header name to allow on actual requests
 */
public void addAllowedHeader(String allowedHeader) {
    if (this.allowedHeaders != null) {
        // Identity check against the shared permit-all constant: re-setting it
        // presumably swaps in a private copy so the constant itself is never
        // mutated by the add() below (confirm against setAllowedHeaders).
        if (this.allowedHeaders == DEFAULT_PERMIT_ALL) {
            setAllowedHeaders(DEFAULT_PERMIT_ALL);
        }
    }
    else {
        // Nothing configured yet: start from an empty list.
        this.allowedHeaders = new ArrayList<>(4);
    }
    this.allowedHeaders.add(allowedHeader);
}
/**
 * Declare which request headers a pre-flight request may name as permitted
 * for the actual request that follows.
 * <p>Passing the special value {@code "*"} permits every header.
 * <p>The CORS spec does not require these header names to be listed:
 * {@code Cache-Control}, {@code Content-Language}, {@code Expires},
 * {@code Last-Modified}, and {@code Pragma}.
 * <p>By default all headers are allowed, so a narrower policy only takes
 * effect once this method is called with an explicit list.
 * @param headers the header names to allow
 * @return this registration, so that calls can be chained
 */
public CorsRegistration allowedHeaders(String... headers) {
    // Hand over a resizable copy instead of the fixed-size Arrays.asList view
    // that is backed by the caller's varargs array.
    config.setAllowedHeaders(new ArrayList<>(Arrays.asList(headers)));
    return this;
}
/**
 * Declare which request headers a preflight request may name as permitted
 * for the actual request that follows. Passing the special value
 * {@code "*"} permits every header.
 * <p>The CORS spec does not require these header names to be listed:
 * {@code Cache-Control}, {@code Content-Language}, {@code Expires},
 * {@code Last-Modified}, and {@code Pragma}.
 * <p>By default all headers are allowed, so a narrower policy only takes
 * effect once this method is called with an explicit list.
 * @param headers the header names to allow
 * @return this registration, so that calls can be chained
 */
public CorsRegistration allowedHeaders(String... headers) {
    // Arrays.asList is a fixed-size view over the varargs array; whether the
    // configuration copies it is decided by setAllowedHeaders (not visible here).
    config.setAllowedHeaders(Arrays.asList(headers));
    return this;
}
/**
 * Add one more request header name to the allowed set.
 * @param allowedHeader the header name to allow on actual requests
 */
public void addAllowedHeader(String allowedHeader) {
    if (this.allowedHeaders != null) {
        // Identity check against the shared permit-all constant: re-setting it
        // presumably swaps in a private copy so the constant itself is never
        // mutated by the add() below (confirm against setAllowedHeaders).
        if (this.allowedHeaders == DEFAULT_PERMIT_ALL) {
            setAllowedHeaders(DEFAULT_PERMIT_ALL);
        }
    }
    else {
        // Nothing configured yet: start from an empty list.
        this.allowedHeaders = new ArrayList<>(4);
    }
    this.allowedHeaders.add(allowedHeader);
}
config.setAllowedHeaders(Arrays.asList(allowedHeaders));
config.setAllowedHeaders(Arrays.asList(allowedHeaders));
/**
 * Test fixture: fills the CORS configuration with explicit allow-lists and
 * builds the {@code CorsFilter} under test on top of it.
 */
@Before
public void setup() throws Exception {
    // Explicit allow-lists: two origins, two methods, two request headers.
    config.setAllowedOrigins(Arrays.asList("http://domain1.com", "http://domain2.com"));
    config.setAllowedMethods(Arrays.asList("GET", "POST"));
    config.setAllowedHeaders(Arrays.asList("header1", "header2"));
    config.setExposedHeaders(Arrays.asList("header3", "header4"));
    config.setMaxAge(123L);
    // Credentials are switched off for this fixture.
    config.setAllowCredentials(false);
    // The lambda ignores its argument, so every request resolves to this one configuration.
    filter = new CorsFilter(r -> config);
}
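/**
 * Registers a {@link CorsFilter} that applies a single CORS policy to every path.
 *
 * <p>NOTE(review): the policy enables credentials together with the wildcard
 * origin {@code "*"}. Browsers refuse a literal {@code Access-Control-Allow-Origin: *}
 * on credentialed requests; Spring Framework 5.3 and later rejects this combination
 * when the configuration is validated, and earlier versions answer with the caller's
 * own {@code Origin}, which in effect lets any site issue cookie-bearing requests.
 * Replace {@code "*"} with the explicit list of trusted origins, or turn credentials
 * off. The right origins are deployment-specific and are not visible in this snippet,
 * so the values below are left as the author wrote them.
 *
 * @return the filter carrying the policy described above
 */
@Bean
public CorsFilter corsFilter() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    final CorsConfiguration config = new CorsConfiguration();
    // Whether cross-origin requests may carry cookies.
    config.setAllowCredentials(true);
    // Wildcards: any request header, any origin, any HTTP method (see the review note above).
    config.setAllowedHeaders(Arrays.asList("*"));
    config.setAllowedOrigins(Arrays.asList("*"));
    config.setAllowedMethods(Arrays.asList("*"));
    // Preflight cache lifetime in seconds: within this window the browser does not
    // re-check an identical cross-origin request. Upper-case L, because a
    // lower-case suffix is easily misread as the digit 1.
    config.setMaxAge(300L);
    // "/**" applies the policy to every request path.
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
}
// Closes the enclosing class, whose header is outside this excerpt.
}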
/**
 * Test fixture: fills the CORS configuration with explicit allow-lists and
 * builds the {@code CorsWebFilter} under test on top of it.
 */
@Before
public void setup() throws Exception {
    // Explicit allow-lists: two origins, two methods, two request headers.
    config.setAllowedOrigins(Arrays.asList("http://domain1.com", "http://domain2.com"));
    config.setAllowedMethods(Arrays.asList("GET", "POST"));
    config.setAllowedHeaders(Arrays.asList("header1", "header2"));
    config.setExposedHeaders(Arrays.asList("header3", "header4"));
    config.setMaxAge(123L);
    // Credentials are switched off for this fixture.
    config.setAllowCredentials(false);
    // The lambda ignores its argument, so every request resolves to this one configuration.
    filter = new CorsWebFilter(r -> config);
}
/**
 * Checks that {@code checkHeaders} returns {@code null} whenever the requested
 * headers are not covered by the configured allow-list.
 */
@Test
public void checkHeadersNotAllowed() {
    CorsConfiguration cors = new CorsConfiguration();

    // Freshly constructed configuration: neither a null request list nor "header1" passes.
    assertNull(cors.checkHeaders(null));
    assertNull(cors.checkHeaders(Arrays.asList("header1")));

    // An explicitly empty allow-list still rejects "header1".
    cors.setAllowedHeaders(Collections.emptyList());
    assertNull(cors.checkHeaders(Arrays.asList("header1")));

    // Allowing other header names does not let "header1" through.
    cors.addAllowedHeader("header2");
    cors.addAllowedHeader("header3");
    assertNull(cors.checkHeaders(Arrays.asList("header1")));
}
config.setAllowedOrigins(combine(getAllowedOrigins(), other.getAllowedOrigins())); config.setAllowedMethods(combine(getAllowedMethods(), other.getAllowedMethods())); config.setAllowedHeaders(combine(getAllowedHeaders(), other.getAllowedHeaders())); config.setExposedHeaders(combine(getExposedHeaders(), other.getExposedHeaders())); Boolean allowCredentials = other.getAllowCredentials();
config.setAllowedOrigins(combine(getAllowedOrigins(), other.getAllowedOrigins())); config.setAllowedMethods(combine(getAllowedMethods(), other.getAllowedMethods())); config.setAllowedHeaders(combine(getAllowedHeaders(), other.getAllowedHeaders())); config.setExposedHeaders(combine(getExposedHeaders(), other.getExposedHeaders())); Boolean allowCredentials = other.getAllowCredentials();
/**
 * Checks that every setter accepts {@code null} and that the matching getter
 * then reports {@code null} as well.
 */
@Test
public void setNullValues() {
    CorsConfiguration cors = new CorsConfiguration();

    // List-valued properties.
    cors.setAllowedOrigins(null);
    assertNull(cors.getAllowedOrigins());
    cors.setAllowedHeaders(null);
    assertNull(cors.getAllowedHeaders());
    cors.setAllowedMethods(null);
    assertNull(cors.getAllowedMethods());
    cors.setExposedHeaders(null);
    assertNull(cors.getExposedHeaders());

    // Scalar properties.
    cors.setAllowCredentials(null);
    assertNull(cors.getAllowCredentials());
    cors.setMaxAge(null);
    assertNull(cors.getMaxAge());
}
/**
 * Builds the default CORS policy: allowed headers and methods copied from
 * {@code Constants}, two exposed response headers, and any origin allowed.
 *
 * <p>NOTE(review): the wildcard origin is set without enabling credentials in
 * this method; if a caller later turns credentials on for the returned object,
 * the origin list should be narrowed to explicit values first.
 *
 * @return a new configuration carrying the defaults
 */
private static CorsConfiguration createDefaultCorsConfig() {
    CorsConfiguration defaults = new CorsConfiguration();
    // Copy the shared constant collections so the configuration owns its lists.
    defaults.setAllowedHeaders(new ArrayList<>(Constants.CORS_ALLOWED_HEADERS));
    defaults.setAllowedMethods(new ArrayList<>(Constants.CORS_ALLWED_METHODS));
    // Response headers that client-side scripts are allowed to read.
    defaults.addExposedHeader("Content-Location");
    defaults.addExposedHeader("Location");
    // Any origin may call.
    defaults.addAllowedOrigin("*");
    return defaults;
}
config.setAllowedHeaders(Arrays .asList(StringUtils.split(configData.get(CONFIG_ALLOWED_HEADERS), CommonConstants.COMMA_DELIMITED)));
config.setAllowedHeaders(Arrays .asList(StringUtils.split(configData.get(CONFIG_ALLOWED_HEADERS), CommonConstants.COMMA_DELIMITED)));
config.setAllowedHeaders(Arrays.asList(CrossOrigin.DEFAULT_ALLOWED_HEADERS));
/**
 * Builds the CORS configuration from the values held by {@code cors}.
 * The {@code exchange} argument is not consulted, so every request receives
 * the same policy.
 *
 * <p>NOTE(review): credentials are always enabled here while the origins come
 * from {@code cors.getAllowedOrigins()}. If that setting can contain
 * {@code "*"}, the result is a credentialed wildcard policy; the configured
 * origins should be checked to be an explicit list (verify where {@code cors}
 * is populated).
 *
 * @param exchange the current exchange (unused)
 * @return a new configuration populated from {@code cors}
 */
@Override
public CorsConfiguration getCorsConfiguration(ServerWebExchange exchange) {
    CorsConfiguration resolved = new CorsConfiguration();
    resolved.setAllowCredentials(true);
    // The cors getters are presumably arrays, hence the Arrays.asList wrappers (confirm).
    resolved.setAllowedHeaders(Arrays.asList(cors.getAllowedHeaders()));
    resolved.setAllowedMethods(Arrays.asList(cors.getAllowedMethods()));
    resolved.setAllowedOrigins(Arrays.asList(cors.getAllowedOrigins()));
    resolved.setExposedHeaders(Arrays.asList(cors.getExposedHeaders()));
    resolved.setMaxAge(cors.getMaxAge());
    return resolved;
}
/**
 * Builds the CORS configuration from the values held by {@code cors}.
 * The {@code request} argument is not consulted, so every request receives
 * the same policy.
 *
 * <p>NOTE(review): credentials are always enabled here while the origins come
 * from {@code cors.getAllowedOrigins()}. If that setting can contain
 * {@code "*"}, the result is a credentialed wildcard policy; the configured
 * origins should be checked to be an explicit list (verify where {@code cors}
 * is populated).
 *
 * @param request the current request (unused)
 * @return a new configuration populated from {@code cors}
 */
@Override
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
    CorsConfiguration resolved = new CorsConfiguration();
    resolved.setAllowCredentials(true);
    // The cors getters are presumably arrays, hence the Arrays.asList wrappers (confirm).
    resolved.setAllowedHeaders(Arrays.asList(cors.getAllowedHeaders()));
    resolved.setAllowedMethods(Arrays.asList(cors.getAllowedMethods()));
    resolved.setAllowedOrigins(Arrays.asList(cors.getAllowedOrigins()));
    resolved.setExposedHeaders(Arrays.asList(cors.getExposedHeaders()));
    resolved.setMaxAge(cors.getMaxAge());
    return resolved;
}