Package org.elasticsearch.http.netty4.cors

Class Netty4CorsConfig

  • public final class Netty4CorsConfig
extends java.lang.Object
    Configuration for Cross-Origin Resource Sharing (CORS). This class was lifted from the Netty project: https://github.com/netty/netty

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.util.Set<java.lang.String> allowedRequestHeaders()
      Returns the allowed set of Request Headers.
      java.util.Set<io.netty.handler.codec.http.HttpMethod> allowedRequestMethods()
      Returns the allowed set of Request Methods.
      boolean isAnyOriginSupported()
      Determines whether a wildcard origin, '*', is supported.
      boolean isCorsSupportEnabled()
      Determines if support for CORS is enabled.
      boolean isCredentialsAllowed()
      Determines if cookies are supported for CORS requests.
      boolean isNullOriginAllowed()
      Web browsers may set the 'Origin' request header to 'null' if a resource is loaded from the local file system.
      boolean isOriginAllowed​(java.lang.String origin)
      Returns whether the input origin is allowed by this configuration.
      boolean isShortCircuit()
      Determines whether a CORS request should be rejected if it's invalid before being further processing.
      long maxAge()
      Gets the maxAge setting.
      java.util.Optional<java.util.Set<java.lang.String>> origins()
      Returns the set of allowed origins.
      io.netty.handler.codec.http.HttpHeaders preflightResponseHeaders()
      Returns HTTP response headers that should be added to a CORS preflight response.
      java.lang.String toString()  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    • Method Detail

      • isCorsSupportEnabled

        public boolean isCorsSupportEnabled()
        Determines if support for CORS is enabled.
        Returns:
        true if support for CORS is enabled, false otherwise.

      • isAnyOriginSupported

        public boolean isAnyOriginSupported()
        Determines whether a wildcard origin, '*', is supported.
        Returns:
        boolean true if any origin is allowed.

      • origins

        public java.util.Optional<java.util.Set<java.lang.String>> origins()
        Returns the set of allowed origins.
        Returns:
        Set the allowed origins.

      • isOriginAllowed

        public boolean isOriginAllowed​(java.lang.String origin)
        Returns whether the input origin is allowed by this configuration.
        Returns:
        true if the origin is allowed, otherwise false

      • isNullOriginAllowed

        public boolean isNullOriginAllowed()
        Web browsers may set the 'Origin' request header to 'null' if a resource is loaded from the local file system. If isNullOriginAllowed is true then the server will response with the wildcard for the the CORS response header 'Access-Control-Allow-Origin'.
        Returns:
        true if a 'null' origin should be supported.

      • isCredentialsAllowed

        public boolean isCredentialsAllowed()
        Determines if cookies are supported for CORS requests. By default cookies are not included in CORS requests but if isCredentialsAllowed returns true cookies will be added to CORS requests. Setting this value to true will set the CORS 'Access-Control-Allow-Credentials' response header to true. Please note that cookie support needs to be enabled on the client side as well. The client needs to opt-in to send cookies by calling: 
         xhr.withCredentials = true;
        The default value for 'withCredentials' is false in which case no cookies are sent. Setting this to true will included cookies in cross origin requests.
        Returns:
        true if cookies are supported.

      • maxAge

        public long maxAge()
        Gets the maxAge setting. When making a preflight request the client has to perform two request with can be inefficient. This setting will set the CORS 'Access-Control-Max-Age' response header and enables the caching of the preflight response for the specified time. During this time no preflight request will be made.
        Returns:
        long the time in seconds that a preflight request may be cached.

      • allowedRequestMethods

        public java.util.Set<io.netty.handler.codec.http.HttpMethod> allowedRequestMethods()
        Returns the allowed set of Request Methods. The Http methods that should be returned in the CORS 'Access-Control-Request-Method' response header.
        Returns:
        Set of HttpMethods that represent the allowed Request Methods.

      • allowedRequestHeaders

        public java.util.Set<java.lang.String> allowedRequestHeaders()
        Returns the allowed set of Request Headers. The header names returned from this method will be used to set the CORS 'Access-Control-Allow-Headers' response header.
        Returns:
        Set<String> of strings that represent the allowed Request Headers.

      • preflightResponseHeaders

        public io.netty.handler.codec.http.HttpHeaders preflightResponseHeaders()
        Returns HTTP response headers that should be added to a CORS preflight response.
        Returns:
        HttpHeaders the HTTP response headers to be added.

      • isShortCircuit

        public boolean isShortCircuit()
        Determines whether a CORS request should be rejected if it's invalid before being further processing. CORS headers are set after a request is processed. This may not always be desired and this setting will check that the Origin is valid and if it is not valid no further processing will take place, and a error will be returned to the calling client.
        Returns:
        true if a CORS request should short-circuit upon receiving an invalid Origin header.

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object