/** * Set the list of response headers other than "simple" headers, i.e. * {@code Cache-Control}, {@code Content-Language}, {@code Content-Type}, * {@code Expires}, {@code Last-Modified}, or {@code Pragma}, that an * actual response might have and can be exposed. * <p>Note that {@code "*"} is not supported on this property. * <p>By default this is not set. */ public CorsRegistration exposedHeaders(String... headers) { this.config.setExposedHeaders(Arrays.asList(headers)); return this; }
/** * Set the list of response headers other than "simple" headers, i.e. * {@code Cache-Control}, {@code Content-Language}, {@code Content-Type}, * {@code Expires}, {@code Last-Modified}, or {@code Pragma}, that an * actual response might have and can be exposed. * <p>Note that {@code "*"} is not supported on this property. * <p>By default this is not set. */ public CorsRegistration exposedHeaders(String... headers) { this.config.setExposedHeaders(new ArrayList<>(Arrays.asList(headers))); return this; }
/** * Set the list of response headers other than "simple" headers, i.e. * {@code Cache-Control}, {@code Content-Language}, {@code Content-Type}, * {@code Expires}, {@code Last-Modified}, or {@code Pragma}, that an * actual response might have and can be exposed. * <p>Note that {@code "*"} is not supported on this property. * <p>By default this is not set. */ public CorsRegistration exposedHeaders(String... headers) { this.config.setExposedHeaders(Arrays.asList(headers)); return this; }
config.setExposedHeaders(Arrays.asList(exposedHeaders));
@Test(expected = IllegalArgumentException.class) public void asteriskWildCardOnSetExposedHeaders() { CorsConfiguration config = new CorsConfiguration(); config.setExposedHeaders(Arrays.asList("*")); }
config.setExposedHeaders(Arrays.asList(exposedHeaders));
@Before public void setup() throws Exception { config.setAllowedOrigins(Arrays.asList("http://domain1.com", "http://domain2.com")); config.setAllowedMethods(Arrays.asList("GET", "POST")); config.setAllowedHeaders(Arrays.asList("header1", "header2")); config.setExposedHeaders(Arrays.asList("header3", "header4")); config.setMaxAge(123L); config.setAllowCredentials(false); filter = new CorsWebFilter(r -> config); }
@Before public void setup() throws Exception { config.setAllowedOrigins(Arrays.asList("http://domain1.com", "http://domain2.com")); config.setAllowedMethods(Arrays.asList("GET", "POST")); config.setAllowedHeaders(Arrays.asList("header1", "header2")); config.setExposedHeaders(Arrays.asList("header3", "header4")); config.setMaxAge(123L); config.setAllowCredentials(false); filter = new CorsFilter(r -> config); }
config.setAllowedMethods(combine(getAllowedMethods(), other.getAllowedMethods())); config.setAllowedHeaders(combine(getAllowedHeaders(), other.getAllowedHeaders())); config.setExposedHeaders(combine(getExposedHeaders(), other.getExposedHeaders())); Boolean allowCredentials = other.getAllowCredentials(); if (allowCredentials != null) {
config.setAllowedMethods(combine(getAllowedMethods(), other.getAllowedMethods())); config.setAllowedHeaders(combine(getAllowedHeaders(), other.getAllowedHeaders())); config.setExposedHeaders(combine(getExposedHeaders(), other.getExposedHeaders())); Boolean allowCredentials = other.getAllowCredentials(); if (allowCredentials != null) {
@Test public void setNullValues() { CorsConfiguration config = new CorsConfiguration(); config.setAllowedOrigins(null); assertNull(config.getAllowedOrigins()); config.setAllowedHeaders(null); assertNull(config.getAllowedHeaders()); config.setAllowedMethods(null); assertNull(config.getAllowedMethods()); config.setExposedHeaders(null); assertNull(config.getExposedHeaders()); config.setAllowCredentials(null); assertNull(config.getAllowCredentials()); config.setMaxAge(null); assertNull(config.getMaxAge()); }
config.setExposedHeaders(Arrays .asList(StringUtils.split(configData.get(CONFIG_EXPOSED_HEADERS), CommonConstants.COMMA_DELIMITED)));
config.setExposedHeaders(Arrays .asList(StringUtils.split(configData.get(CONFIG_EXPOSED_HEADERS), CommonConstants.COMMA_DELIMITED)));
/** * Set the list of response headers other than "simple" headers, i.e. * {@code Cache-Control}, {@code Content-Language}, {@code Content-Type}, * {@code Expires}, {@code Last-Modified}, or {@code Pragma}, that an * actual response might have and can be exposed. * <p>Note that {@code "*"} is not supported on this property. * <p>By default this is not set. */ public CorsRegistration exposedHeaders(String... headers) { this.config.setExposedHeaders(Arrays.asList(headers)); return this; }
/** * Set the list of response headers other than "simple" headers, i.e. * {@code Cache-Control}, {@code Content-Language}, {@code Content-Type}, * {@code Expires}, {@code Last-Modified}, or {@code Pragma}, that an * actual response might have and can be exposed. * <p>Note that {@code "*"} is not supported on this property. * <p>By default this is not set. */ public CorsRegistration exposedHeaders(String... headers) { this.config.setExposedHeaders(new ArrayList<>(Arrays.asList(headers))); return this; }
@Bean public CorsConfigurationSource corsConfigurationSource() { final CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(ImmutableList.of("*")); configuration.setAllowedMethods(ImmutableList.of("*")); configuration.setAllowCredentials(true); configuration.setAllowedHeaders(ImmutableList.of("*")); configuration.setExposedHeaders(ImmutableList.of("Access-Control-Allow-Origin", "Access-Control-Allow-Methods", "Access-Control-Allow-Headers", "Access-Control-Max-Age", "Access-Control-Request-Headers", "Access-Control-Request-Method")); final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); return source; }
@Override public CorsConfiguration getCorsConfiguration(ServerWebExchange exchange) { CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); config.setAllowedHeaders(Arrays.asList(cors.getAllowedHeaders())); config.setAllowedMethods(Arrays.asList(cors.getAllowedMethods())); config.setAllowedOrigins(Arrays.asList(cors.getAllowedOrigins())); config.setExposedHeaders(Arrays.asList(cors.getExposedHeaders())); config.setMaxAge(cors.getMaxAge()); return config; }
@Override public CorsConfiguration getCorsConfiguration(HttpServletRequest request) { CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); config.setAllowedHeaders(Arrays.asList(cors.getAllowedHeaders())); config.setAllowedMethods(Arrays.asList(cors.getAllowedMethods())); config.setAllowedOrigins(Arrays.asList(cors.getAllowedOrigins())); config.setExposedHeaders(Arrays.asList(cors.getExposedHeaders())); config.setMaxAge(cors.getMaxAge()); return config; }
@Bean public CorsConfigurationSource corsConfigurationSource() { final CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); config.setAllowedOrigins(getPropertiesAsList("http.cors.allow-origin", "*")); config.setAllowedHeaders(getPropertiesAsList("http.cors.allow-headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, If-Match")); config.setAllowedMethods(getPropertiesAsList("http.cors.allow-methods", "OPTIONS, GET, POST, PUT, DELETE")); config.setExposedHeaders(getPropertiesAsList("http.cors.exposed-headers", "ETag")); config.setMaxAge(environment.getProperty("http.cors.max-age", Long.class, 1728000L)); config.setExposedHeaders(Collections.singletonList("ETag")); final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", config); return source; }
@Bean public CorsConfigurationSource corsConfigurationSource() { final CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); config.setAllowedOrigins(getPropertiesAsList("http.cors.allow-origin", "*")); config.setAllowedHeaders(getPropertiesAsList("http.cors.allow-headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, If-Match")); config.setAllowedMethods(getPropertiesAsList("http.cors.allow-methods", "OPTIONS, GET, POST, PUT, DELETE")); config.setExposedHeaders(getPropertiesAsList("http.cors.exposed-headers", "ETag")); config.setMaxAge(environment.getProperty("http.cors.max-age", Long.class, 1728000L)); config.setExposedHeaders(Collections.singletonList("ETag")); final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", config); return source; }