com.linecorp.armeria.server.annotation.decorator

Annotation Type CorsDecorator

@Repeatable(value=CorsDecorators.class)
 @Retention(value=RUNTIME)
 @Target(value={TYPE,METHOD})
public @interface CorsDecorator

A CorsService decorator for annotated HTTP services.

Required Element Summary

Required Elements

Modifier and Type	Required Element and Description
String[]	origins Allowed origins.

Optional Element Summary

Optional Elements

Modifier and Type	Optional Element and Description
String[]	allowedRequestHeaders The headers that should be returned in the CORS "Access-Control-Allow-Headers" response header.
HttpMethod[]	allowedRequestMethods The allowed HTTP request methods that should be returned in the CORS "Access-Control-Allow-Methods" response header.
boolean	credentialsAllowed Determines if cookies are allowed to be added to CORS requests.
String[]	exposedHeaders The headers to be exposed to calling clients.
long	maxAge The value of the CORS "Access-Control-Max-Age" response header which enables the caching of the preflight response for the specified time.
boolean	nullOriginAllowed Determines if a "null" origin is allowed.
String[]	pathPatterns The path patterns that this policy is supposed to be applied to.
boolean	preflightRequestDisabled Determines if no preflight response headers should be added to a CORS preflight response.
AdditionalHeader[]	preflightRequestHeaders The HTTP response headers that should be added to a CORS preflight response.

Element Detail

origins

public abstract String[] origins

Allowed origins. Sets this property to be "*" to allow any origin.

pathPatterns

public abstract String[] pathPatterns

The path patterns that this policy is supposed to be applied to. If unspecified, all paths would be accepted.

Default:

{}

allowedRequestMethods

public abstract HttpMethod[] allowedRequestMethods

The allowed HTTP request methods that should be returned in the CORS "Access-Control-Allow-Methods" response header.

See Also:

CorsPolicyBuilder.allowRequestMethods(HttpMethod...)

Default:

{}

maxAge

public abstract long maxAge

The value of the CORS "Access-Control-Max-Age" response header which enables the caching of the preflight response for the specified time. During this time no preflight request will be made.

See Also:

CorsPolicyBuilder.maxAge(long)

Default:

0L

exposedHeaders

public abstract String[] exposedHeaders

The headers to be exposed to calling clients.

See Also:

CorsPolicyBuilder.exposeHeaders(CharSequence...)

Default:

{}

allowedRequestHeaders

public abstract String[] allowedRequestHeaders

The headers that should be returned in the CORS "Access-Control-Allow-Headers" response header.

See Also:

CorsPolicyBuilder.allowRequestHeaders(CharSequence...)

Default:

{}

credentialsAllowed

public abstract boolean credentialsAllowed

Determines if cookies are allowed to be added to CORS requests. Settings this to be true will set the CORS "Access-Control-Allow-Credentials" response header to "true".

If unset, will be false.

See Also:

CorsPolicyBuilder.allowCredentials()

Default:

false

nullOriginAllowed

public abstract boolean nullOriginAllowed

Determines if a "null" origin is allowed.

If unset, will be false.

See Also:

CorsPolicyBuilder.allowNullOrigin()

Default:

false

preflightRequestHeaders

public abstract AdditionalHeader[] preflightRequestHeaders

The HTTP response headers that should be added to a CORS preflight response.

See Also:

CorsPolicyBuilder.preflightResponseHeader(CharSequence, Object...)

Default:

{}

preflightRequestDisabled

public abstract boolean preflightRequestDisabled

Determines if no preflight response headers should be added to a CORS preflight response.

If unset, will be false.

See Also:

CorsPolicyBuilder.disablePreflightResponseHeaders()

Default:

false