Package io.micronaut.http.server.cors
Class CorsFilter
java.lang.Object
io.micronaut.http.server.cors.CorsFilter
- All Implemented Interfaces:
Ordered
,ConditionalFilter
Responsible for handling CORS requests and responses.
- Since:
- 1.0
- Author:
- James Kleeh, Graeme Rocher
-
Field Summary
Modifier and TypeFieldDescriptionstatic final int
protected final HttpServerConfiguration.CorsConfiguration
Fields inherited from interface io.micronaut.core.order.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
-
Constructor Summary
ConstructorDescriptionCorsFilter
(HttpServerConfiguration.CorsConfiguration corsConfiguration, @Nullable HttpHostResolver httpHostResolver) -
Method Summary
Modifier and TypeMethodDescriptionfinal @Nullable HttpResponse<?>
filterRequest
(HttpRequest<?> request) final void
filterResponse
(HttpRequest<?> request, MutableHttpResponse<?> response) int
getOrder()
boolean
isEnabled
(HttpRequest<?> request) The filter condition.protected void
setAllowCredentials
(CorsOriginConfiguration config, MutableHttpResponse<?> response) protected void
setAllowHeaders
(List<?> optionalAllowHeaders, MutableHttpResponse<?> response) protected void
setAllowMethods
(HttpMethod method, MutableHttpResponse<?> response) protected void
setAllowPrivateNetwork
(CorsOriginConfiguration config, MutableHttpResponse<?> response) Sets the HTTP Header "Access-Control-Allow-Private-Network" in the response totrue
, if theCorsOriginConfiguration.isAllowPrivateNetwork()
istrue
.protected void
setExposeHeaders
(List<String> exposedHeaders, MutableHttpResponse<?> response) protected void
setMaxAge
(long maxAge, MutableHttpResponse<?> response) protected void
setOrigin
(@Nullable String origin, @NonNull MutableHttpResponse<?> response) protected void
setVary
(MutableHttpResponse<?> response) protected boolean
shouldDenyToPreventDriveByLocalhostAttack
(@NonNull CorsOriginConfiguration corsOriginConfiguration, @NonNull HttpRequest<?> request) protected boolean
shouldDenyToPreventDriveByLocalhostAttack
(@NonNull String origin, @NonNull HttpRequest<?> request)
-
Field Details
-
CORS_FILTER_ORDER
public static final int CORS_FILTER_ORDER -
corsConfiguration
-
-
Constructor Details
-
CorsFilter
public CorsFilter(HttpServerConfiguration.CorsConfiguration corsConfiguration, @Nullable @Nullable HttpHostResolver httpHostResolver) - Parameters:
corsConfiguration
- TheCorsOriginConfiguration
instancehttpHostResolver
- HTTP Host resolver
-
-
Method Details
-
isEnabled
Description copied from interface:ConditionalFilter
The filter condition.- Specified by:
isEnabled
in interfaceConditionalFilter
- Parameters:
request
- The request- Returns:
- true if the filter is enabled
-
filterRequest
@RequestFilter @Nullable @Internal public final @Nullable HttpResponse<?> filterRequest(HttpRequest<?> request) -
filterResponse
@ResponseFilter @Internal public final void filterResponse(HttpRequest<?> request, MutableHttpResponse<?> response) -
shouldDenyToPreventDriveByLocalhostAttack
protected boolean shouldDenyToPreventDriveByLocalhostAttack(@NonNull @NonNull CorsOriginConfiguration corsOriginConfiguration, @NonNull @NonNull HttpRequest<?> request) - Parameters:
corsOriginConfiguration
- CORS Origin configuration for request's HTTP Header origin.request
- HTTP Request- Returns:
- true if the resolved host is localhost or 127.0.0.1 address and the CORS configuration has any for allowed origins.
-
shouldDenyToPreventDriveByLocalhostAttack
protected boolean shouldDenyToPreventDriveByLocalhostAttack(@NonNull @NonNull String origin, @NonNull @NonNull HttpRequest<?> request) - Parameters:
origin
- HTTP HeaderHttpHeaders.ORIGIN
value.request
- HTTP Request- Returns:
- true if the resolved host is localhost or 127.0.0.1 and origin is not one of these then deny it.
-
getOrder
public int getOrder() -
setAllowCredentials
- Parameters:
config
- TheCorsOriginConfiguration
instanceresponse
- TheMutableHttpResponse
object
-
setAllowPrivateNetwork
protected void setAllowPrivateNetwork(CorsOriginConfiguration config, MutableHttpResponse<?> response) Sets the HTTP Header "Access-Control-Allow-Private-Network" in the response totrue
, if theCorsOriginConfiguration.isAllowPrivateNetwork()
istrue
.- Parameters:
config
- TheCorsOriginConfiguration
instanceresponse
- TheMutableHttpResponse
object
-
setExposeHeaders
- Parameters:
exposedHeaders
- A list of the exposed headersresponse
- TheMutableHttpResponse
object
-
setVary
- Parameters:
response
- TheMutableHttpResponse
object
-
setOrigin
protected void setOrigin(@Nullable @Nullable String origin, @NonNull @NonNull MutableHttpResponse<?> response) - Parameters:
origin
- The originresponse
- TheMutableHttpResponse
object
-
setAllowMethods
- Parameters:
method
- TheHttpMethod
objectresponse
- TheMutableHttpResponse
object
-
setAllowHeaders
- Parameters:
optionalAllowHeaders
- A list with optional allow headersresponse
- TheMutableHttpResponse
object
-
setMaxAge
- Parameters:
maxAge
- The max ageresponse
- TheMutableHttpResponse
object
-