Package org.apache.cxf.rs.security.cors
Annotation Type CrossOriginResourceSharing
-
@Target({TYPE,METHOD}) @Retention(RUNTIME) @Inherited public @interface CrossOriginResourceSharing
Attach CORS information to a resource. This annotation is read byCrossOriginResourceSharingFilter. If this annotation is present on a method, or on the method's class (or its superclasses), then it completely overrides any parameters set inCrossOriginResourceSharingFilter. If a particular parameter of this annotation is not specified, then the default value is used, not the parameters of the filter. Note that the CORS specification censors the headers on a preflight OPTIONS request. As a result, the filter cannot determine exactly which method corresponds to the request, and so uses only class-level annotations to set policies.
-
-
Optional Element Summary
Optional Elements Modifier and Type Optional Element Description booleanallowAllOriginsIf true, this resource will returnbooleanallowCredentialsIf true, this resource will returnString[]allowHeadersA list of headers that the client may include in an actual request.String[]allowOriginsA list of permitted origins.String[]exposeHeadersA list of headers to return in Access-Control-Expose-Headers.intmaxAgeThe value to return in Access-Control-Max-Age.
-
-
-
-
allowOrigins
String[] allowOrigins
A list of permitted origins. It is ignored ifallowAllOrigins()returns true- Default:
- {}
-
-
-
allowHeaders
String[] allowHeaders
A list of headers that the client may include in an actual request. All the headers listed in the Access-Control-Request-Headers will be allowed if the list is empty- Default:
- {}
-
-
-
exposeHeaders
String[] exposeHeaders
A list of headers to return in Access-Control-Expose-Headers.- Default:
- {}
-
-