com.linecorp.armeria.server.cors

Class CorsServiceBuilder

java.lang.Object

com.linecorp.armeria.server.cors.CorsServiceBuilder

public final class CorsServiceBuilder
extends Object

Builds a new CorsService or its decorator function.

Example

 ServerBuilder sb = Server.builder();
 sb.service("/cors", myService.decorate(
          CorsService.builder("http://example.com", "http://example2.com")
                     .shortCircuit()
                     .allowNullOrigin()
                     .allowCredentials()
                     .allowRequestMethods(HttpMethod.GET, HttpMethod.POST)
                     .allowRequestHeaders("allow_request_header1", "allow_request_header2")
                     .andForOrigins("http://example3.com")
                     .allowCredentials()
                     .allowRequestMethods(HttpMethod.GET)
                     .and()
                     .newDecorator()));
 

Method Summary

Modifier and Type	Method and Description
CorsServiceBuilder	addPolicy(CorsPolicy policy) Adds a CorsPolicy instance in the service.
CorsServiceBuilder	allowCredentials() Enables cookies to be added to CORS requests.
CorsServiceBuilder	allowNullOrigin() Enables a successful CORS response with a "null" value for the CORS response header "Access-Control-Allow-Origin".
CorsServiceBuilder	allowRequestHeaders(CharSequence... headers) Specifies the headers that should be returned in the CORS "Access-Control-Allow-Headers" response header.
CorsServiceBuilder	allowRequestHeaders(Iterable<? extends CharSequence> headers) Specifies the headers that should be returned in the CORS "Access-Control-Allow-Headers" response header.
CorsServiceBuilder	allowRequestMethods(HttpMethod... methods) Specifies the allowed set of HTTP request methods that should be returned in the CORS "Access-Control-Allow-Methods" response header.
CorsServiceBuilder	allowRequestMethods(Iterable<HttpMethod> methods) Specifies the allowed set of HTTP request methods that should be returned in the CORS "Access-Control-Allow-Methods" response header.
ChainedCorsPolicyBuilder	andForOrigin(String origin) Creates a new builder instance for a new CorsPolicy.
ChainedCorsPolicyBuilder	andForOrigins(Iterable<String> origins) Creates a new builder instance for a new CorsPolicy.
ChainedCorsPolicyBuilder	andForOrigins(String... origins) Creates a new builder instance for a new CorsPolicy.
CorsService	build(HttpService delegate) Returns a newly-created CorsService based on the properties of this builder.
CorsServiceBuilder	disablePreflightResponseHeaders() Specifies that no preflight response headers should be added to a preflight response.
CorsServiceBuilder	exposeHeaders(CharSequence... headers) Specifies the headers to be exposed to calling clients.
CorsServiceBuilder	exposeHeaders(Iterable<? extends CharSequence> headers) Specifies the headers to be exposed to calling clients.
static CorsServiceBuilder	forAnyOrigin() Deprecated. Use CorsService.builderForAnyOrigin().
static CorsServiceBuilder	forOrigin(String origin) Deprecated. Use CorsService.builder(String...).
static CorsServiceBuilder	forOrigins(Iterable<String> origins) Deprecated. Use CorsService.builder(Iterable).
static CorsServiceBuilder	forOrigins(String... origins) Deprecated. Use CorsService.builder(String...).
CorsServiceBuilder	maxAge(Duration maxAge) Sets the CORS "Access-Control-Max-Age" response header and enables the caching of the preflight response for the specified time.
CorsServiceBuilder	maxAge(long maxAge) Sets the CORS "Access-Control-Max-Age" response header and enables the caching of the preflight response for the specified time.
Function<? super HttpService,CorsService>	newDecorator() Returns a newly-created decorator that decorates an HttpService with a new CorsService based on the properties of this builder.
CorsServiceBuilder	preflightResponseHeader(CharSequence name, Iterable<?> values) Returns HTTP response headers that should be added to a CORS preflight response.
CorsServiceBuilder	preflightResponseHeader(CharSequence name, Object... values) Returns HTTP response headers that should be added to a CORS preflight response.
CorsServiceBuilder	preflightResponseHeader(CharSequence name, Supplier<?> valueSupplier) Returns HTTP response headers that should be added to a CORS preflight response.
CorsServiceBuilder	route(String pathPattern) Adds a path pattern that this policy is supposed to be applied to.
CorsServiceBuilder	shortCircuit() Specifies that a CORS request should be rejected if it's invalid before being further processing.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Detail

forAnyOrigin

@Deprecated
public static CorsServiceBuilder forAnyOrigin()

Deprecated. Use CorsService.builderForAnyOrigin().

Creates a new builder with its origin set with '*'.

forOrigin

@Deprecated
public static CorsServiceBuilder forOrigin(String origin)

Deprecated. Use CorsService.builder(String...).

Creates a new builder with the specified origin.

forOrigins

@Deprecated
public static CorsServiceBuilder forOrigins(String... origins)

Deprecated. Use CorsService.builder(String...).

Creates a new builder with the specified origins.

forOrigins

@Deprecated
public static CorsServiceBuilder forOrigins(Iterable<String> origins)

Deprecated. Use CorsService.builder(Iterable).

Creates a new builder with the specified origins.

addPolicy

public CorsServiceBuilder addPolicy(CorsPolicy policy)

Adds a CorsPolicy instance in the service.

route

public CorsServiceBuilder route(String pathPattern)

Adds a path pattern that this policy is supposed to be applied to.

Parameters:

pathPattern - the path pattern that this policy is supposed to be applied to

Throws:

IllegalArgumentException - if the path pattern is not valid

allowNullOrigin

public CorsServiceBuilder allowNullOrigin()

Enables a successful CORS response with a "null" value for the CORS response header "Access-Control-Allow-Origin". Web browsers may set the "Origin" request header to "null" if a resource is loaded from the local file system.

Returns:

this to support method chaining.

Throws:

IllegalStateException - if anyOriginSupported is true.

allowCredentials

public CorsServiceBuilder allowCredentials()

Enables cookies to be added to CORS requests. Calling this method will set the CORS "Access-Control-Allow-Credentials" response header to true. By default, cookies are not included in CORS requests.

Please note, that cookie support needs to be enabled on the client side as well. The client needs to opt-in to send cookies by calling:

 xhr.withCredentials = true;
 

The default value for 'withCredentials' is false in which case no cookies are sent. Setting this to true will include cookies in cross origin requests.

Returns:

CorsServiceBuilder to support method chaining.

shortCircuit

public CorsServiceBuilder shortCircuit()

Specifies that a CORS request should be rejected if it's invalid before being further processing.

CORS headers are set after a request is processed. This may not always be desired and this setting will check that the Origin is valid and if it is not valid no further processing will take place, and a error will be returned to the calling client.

Returns:

CorsServiceBuilder to support method chaining.

Throws:

IllegalStateException - if anyOriginSupported is true.

maxAge

public CorsServiceBuilder maxAge(long maxAge)

Sets the CORS "Access-Control-Max-Age" response header and enables the caching of the preflight response for the specified time. During this time no preflight request will be made.

Parameters:

maxAge - the maximum time, in seconds, that the preflight response may be cached.

Returns:

CorsServiceBuilder to support method chaining.

maxAge

public CorsServiceBuilder maxAge(Duration maxAge)

Sets the CORS "Access-Control-Max-Age" response header and enables the caching of the preflight response for the specified time. During this time no preflight request will be made.

Parameters:

maxAge - the maximum time that the preflight response may be cached. Rounded to seconds.

Returns:

CorsServiceBuilder to support method chaining.

exposeHeaders

public CorsServiceBuilder exposeHeaders(CharSequence... headers)

Specifies the headers to be exposed to calling clients.

During a simple CORS request, only certain response headers are made available by the browser, for example using:

 xhr.getResponseHeader("Content-Type");
 

The headers that are available by default are:

• Cache-Control
• Content-Language
• Content-Type
• Expires
• Last-Modified
• Pragma

To expose other headers they need to be specified which is what this method enables by adding the headers to the CORS "Access-Control-Expose-Headers" response header.

Parameters:

headers - the values to be added to the "Access-Control-Expose-Headers" response header

Returns:

CorsServiceBuilder to support method chaining.

exposeHeaders

public CorsServiceBuilder exposeHeaders(Iterable<? extends CharSequence> headers)

Specifies the headers to be exposed to calling clients.

During a simple CORS request, only certain response headers are made available by the browser, for example using:

 xhr.getResponseHeader("Content-Type");
 

The headers that are available by default are:

• Cache-Control
• Content-Language
• Content-Type
• Expires
• Last-Modified
• Pragma

To expose other headers they need to be specified which is what this method enables by adding the headers to the CORS "Access-Control-Expose-Headers" response header.

Parameters:

headers - the values to be added to the "Access-Control-Expose-Headers" response header

Returns:

CorsServiceBuilder to support method chaining.

allowRequestMethods

public CorsServiceBuilder allowRequestMethods(HttpMethod... methods)

Specifies the allowed set of HTTP request methods that should be returned in the CORS "Access-Control-Allow-Methods" response header.

Parameters:

methods - the HttpMethods that should be allowed.

Returns:

CorsServiceBuilder to support method chaining.

allowRequestMethods

public CorsServiceBuilder allowRequestMethods(Iterable<HttpMethod> methods)

Specifies the allowed set of HTTP request methods that should be returned in the CORS "Access-Control-Allow-Methods" response header.

Parameters:

methods - the HttpMethods that should be allowed.

Returns:

CorsServiceBuilder to support method chaining.

allowRequestHeaders

public CorsServiceBuilder allowRequestHeaders(CharSequence... headers)

Specifies the headers that should be returned in the CORS "Access-Control-Allow-Headers" response header.

If a client specifies headers on the request, for example by calling:

 xhr.setRequestHeader('My-Custom-Header', 'SomeValue');
 

the server will receive the above header name in the "Access-Control-Request-Headers" of the preflight request. The server will then decide if it allows this header to be sent for the real request (remember that a preflight is not the real request but a request asking the server if it allows a request).

Parameters:

headers - the headers to be added to the preflight "Access-Control-Allow-Headers" response header.

Returns:

CorsServiceBuilder to support method chaining.

allowRequestHeaders

public CorsServiceBuilder allowRequestHeaders(Iterable<? extends CharSequence> headers)

Specifies the headers that should be returned in the CORS "Access-Control-Allow-Headers" response header.

If a client specifies headers on the request, for example by calling:

 xhr.setRequestHeader('My-Custom-Header', 'SomeValue');
 

the server will receive the above header name in the "Access-Control-Request-Headers" of the preflight request. The server will then decide if it allows this header to be sent for the real request (remember that a preflight is not the real request but a request asking the server if it allows a request).

Parameters:

headers - the headers to be added to the preflight "Access-Control-Allow-Headers" response header.

Returns:

CorsServiceBuilder to support method chaining.

preflightResponseHeader

public CorsServiceBuilder preflightResponseHeader(CharSequence name,
                                                  Object... values)

Returns HTTP response headers that should be added to a CORS preflight response.

An intermediary like a load balancer might require that a CORS preflight request have certain headers set. This enables such headers to be added.

Parameters:

name - the name of the HTTP header.

values - the values for the HTTP header.

Returns:

CorsServiceBuilder to support method chaining.

preflightResponseHeader

public CorsServiceBuilder preflightResponseHeader(CharSequence name,
                                                  Iterable<?> values)

Returns HTTP response headers that should be added to a CORS preflight response.

An intermediary like a load balancer might require that a CORS preflight request have certain headers set. This enables such headers to be added.

Parameters:

name - the name of the HTTP header.

values - the values for the HTTP header.

Returns:

CorsServiceBuilder to support method chaining.

preflightResponseHeader

public CorsServiceBuilder preflightResponseHeader(CharSequence name,
                                                  Supplier<?> valueSupplier)

Returns HTTP response headers that should be added to a CORS preflight response.

An intermediary like a load balancer might require that a CORS preflight request have certain headers set. This enables such headers to be added.

Some values must be dynamically created when the HTTP response is created, for example the 'Date' response header. This can be accomplished by using a Supplier which will have its 'call' method invoked when the HTTP response is created.

Parameters:

name - the name of the HTTP header.

valueSupplier - a Supplier which will be invoked at HTTP response creation.

Returns:

CorsServiceBuilder to support method chaining.

disablePreflightResponseHeaders

public CorsServiceBuilder disablePreflightResponseHeaders()

Specifies that no preflight response headers should be added to a preflight response.

Returns:

CorsServiceBuilder to support method chaining.

build

public CorsService build(HttpService delegate)

Returns a newly-created CorsService based on the properties of this builder.

newDecorator

public Function<? super HttpService,CorsService> newDecorator()

Returns a newly-created decorator that decorates an HttpService with a new CorsService based on the properties of this builder.

andForOrigins

public ChainedCorsPolicyBuilder andForOrigins(String... origins)

Creates a new builder instance for a new CorsPolicy.

Returns:

ChainedCorsPolicyBuilder to support method chaining.

andForOrigins

public ChainedCorsPolicyBuilder andForOrigins(Iterable<String> origins)

Creates a new builder instance for a new CorsPolicy.

Returns:

ChainedCorsPolicyBuilder to support method chaining.

andForOrigin

public ChainedCorsPolicyBuilder andForOrigin(String origin)

Creates a new builder instance for a new CorsPolicy.

Returns:

ChainedCorsPolicyBuilder to support method chaining.

toString

public String toString()

Overrides:

toString in class Object