/** * Returns {@code true} if the request is a valid CORS pre-flight one. */ public static boolean isPreFlightRequest(ServerHttpRequest request) { return (request.getMethod() == HttpMethod.OPTIONS && isCorsRequest(request) && request.getHeaders().get(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) != null); }
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); if (CorsUtils.isCorsRequest(request)) { CorsConfiguration corsConfiguration = this.configSource.getCorsConfiguration(exchange); if (corsConfiguration != null) { boolean isValid = this.processor.process(corsConfiguration, exchange); if (!isValid || CorsUtils.isPreFlightRequest(request)) { return Mono.empty(); } } } return chain.filter(exchange); }
/** * Returns {@code true} if the request is a valid CORS pre-flight one. */ public static boolean isPreFlightRequest(ServerHttpRequest request) { return (request.getMethod() == HttpMethod.OPTIONS && isCorsRequest(request) && request.getHeaders().get(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) != null); }
@Override public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange) { ServerHttpRequest request = exchange.getRequest(); ServerHttpResponse response = exchange.getResponse(); if (!CorsUtils.isCorsRequest(request)) { return true; } if (responseHasCors(response)) { logger.trace("Skip: response already contains \"Access-Control-Allow-Origin\""); return true; } if (CorsUtils.isSameOrigin(request)) { logger.trace("Skip: request is from same origin"); return true; } boolean preFlightRequest = CorsUtils.isPreFlightRequest(request); if (config == null) { if (preFlightRequest) { rejectRequest(response); return false; } else { return true; } } return handleInternal(exchange, config, preFlightRequest); }
@Override public Mono<Object> getHandler(ServerWebExchange exchange) { return getHandlerInternal(exchange).map(handler -> { if (logger.isDebugEnabled()) { logger.debug(exchange.getLogPrefix() + "Mapped to " + handler); } if (CorsUtils.isCorsRequest(exchange.getRequest())) { CorsConfiguration configA = this.corsConfigurationSource.getCorsConfiguration(exchange); CorsConfiguration configB = getCorsConfiguration(handler, exchange); CorsConfiguration config = (configA != null ? configA.combine(configB) : configB); if (!getCorsProcessor().process(config, exchange) || CorsUtils.isPreFlightRequest(exchange.getRequest())) { return REQUEST_HANDLED_HANDLER; } } return handler; }); }
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); if (CorsUtils.isCorsRequest(request)) { CorsConfiguration corsConfiguration = this.configSource.getCorsConfiguration(exchange); if (corsConfiguration != null) { boolean isValid = this.processor.process(corsConfiguration, exchange); if (!isValid || CorsUtils.isPreFlightRequest(request)) { return Mono.empty(); } } } return chain.filter(exchange); }
@Override public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange) { ServerHttpRequest request = exchange.getRequest(); ServerHttpResponse response = exchange.getResponse(); if (!CorsUtils.isCorsRequest(request)) { return true; } if (responseHasCors(response)) { logger.trace("Skip: response already contains \"Access-Control-Allow-Origin\""); return true; } if (CorsUtils.isSameOrigin(request)) { logger.trace("Skip: request is from same origin"); return true; } boolean preFlightRequest = CorsUtils.isPreFlightRequest(request); if (config == null) { if (preFlightRequest) { rejectRequest(response); return false; } else { return true; } } return handleInternal(exchange, config, preFlightRequest); }
@Test public void isNotCorsRequest() { ServerHttpRequest request = get("/").build(); assertFalse(CorsUtils.isCorsRequest(request)); }
@Test public void isCorsRequest() { ServerHttpRequest request = get("/").header(HttpHeaders.ORIGIN, "http://domain.com").build(); assertTrue(CorsUtils.isCorsRequest(request)); }
@Bean public WebFilter corsFilter() { return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (CorsUtils.isCorsRequest(request)) { ServerHttpResponse response = ctx.getResponse(); HttpHeaders headers = response.getHeaders(); headers.add("Access-Control-Allow-Origin", ALLOWED_ORIGIN); headers.add("Access-Control-Allow-Methods", ALLOWED_METHODS); headers.add("Access-Control-Max-Age", MAX_AGE); headers.add("Access-Control-Allow-Headers",ALLOWED_HEADERS); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } } return chain.filter(ctx); }; }
/** * Returns {@code true} if the request is a valid CORS pre-flight one. */ public static boolean isPreFlightRequest(ServerHttpRequest request) { return (request.getMethod() == HttpMethod.OPTIONS && isCorsRequest(request) && request.getHeaders().get(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) != null); }
/** * Returns {@code true} if the request is a valid CORS pre-flight one. */ public static boolean isPreFlightRequest(ServerHttpRequest request) { return (request.getMethod() == HttpMethod.OPTIONS && isCorsRequest(request) && request.getHeaders().get(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) != null); }
@Bean public WebFilter corsFilter() { return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (CorsUtils.isCorsRequest(request)) { ServerHttpResponse response = ctx.getResponse(); HttpHeaders headers = response.getHeaders(); headers.add("Access-Control-Allow-Origin", ALLOWED_ORIGIN); headers.add("Access-Control-Allow-Methods", ALLOWED_METHODS); headers.add("Access-Control-Max-Age", MAX_AGE); headers.add("Access-Control-Allow-Headers",ALLOWED_HEADERS); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } } return chain.filter(ctx); }; } }
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); if (CorsUtils.isCorsRequest(request)) { CorsConfiguration corsConfiguration = this.configSource.getCorsConfiguration(exchange); if (corsConfiguration != null) { boolean isValid = this.processor.process(corsConfiguration, exchange); if (!isValid || CorsUtils.isPreFlightRequest(request)) { return Mono.empty(); } } } return chain.filter(exchange); }
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); if (CorsUtils.isCorsRequest(request)) { CorsConfiguration corsConfiguration = this.configSource.getCorsConfiguration(exchange); if (corsConfiguration != null) { boolean isValid = this.processor.process(corsConfiguration, exchange); if (!isValid || CorsUtils.isPreFlightRequest(request)) { return Mono.empty(); } } } return chain.filter(exchange); }
@Override public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange) { ServerHttpRequest request = exchange.getRequest(); ServerHttpResponse response = exchange.getResponse(); if (!CorsUtils.isCorsRequest(request)) { return true; } if (responseHasCors(response)) { logger.trace("Skip: response already contains \"Access-Control-Allow-Origin\""); return true; } if (CorsUtils.isSameOrigin(request)) { logger.trace("Skip: request is from same origin"); return true; } boolean preFlightRequest = CorsUtils.isPreFlightRequest(request); if (config == null) { if (preFlightRequest) { rejectRequest(response); return false; } else { return true; } } return handleInternal(exchange, config, preFlightRequest); }
return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (!CorsUtils.isCorsRequest(request)) { return chain.filter(ctx);
@Override public Mono<Object> getHandler(ServerWebExchange exchange) { return getHandlerInternal(exchange).map(handler -> { if (CorsUtils.isCorsRequest(exchange.getRequest())) { CorsConfiguration configA = this.globalCorsConfigSource.getCorsConfiguration(exchange); CorsConfiguration configB = getCorsConfiguration(handler, exchange); CorsConfiguration config = (configA != null ? configA.combine(configB) : configB); if (!getCorsProcessor().processRequest(config, exchange) || CorsUtils.isPreFlightRequest(exchange.getRequest())) { return REQUEST_HANDLED_HANDLER; } } return handler; }); }
@Override public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange) { ServerHttpRequest request = exchange.getRequest(); ServerHttpResponse response = exchange.getResponse(); if (!CorsUtils.isCorsRequest(request)) { return true; } if (responseHasCors(response)) { logger.debug("Skip CORS: response already contains \"Access-Control-Allow-Origin\" header"); return true; } if (CorsUtils.isSameOrigin(request)) { logger.debug("Skip CORS: request is from same origin"); return true; } boolean preFlightRequest = CorsUtils.isPreFlightRequest(request); if (config == null) { if (preFlightRequest) { rejectRequest(response); return false; } else { return true; } } return handleInternal(exchange, config, preFlightRequest); }