Package org.springframework.web.cors
Class DefaultCorsProcessor
java.lang.Object
org.springframework.web.cors.DefaultCorsProcessor
- All Implemented Interfaces:
CorsProcessor
The default implementation of
CorsProcessor, as defined by the
CORS W3C recommendation.
Note that when input CorsConfiguration is null, this
implementation does not reject simple or actual requests outright but simply
avoid adding CORS headers to the response. CORS processing is also skipped
if the response already contains CORS headers.
- Since:
- 4.2
- Author:
- Sebastien Deleuze, Rossen Stoyanchev
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptioncheckHeaders(CorsConfiguration config, List<String> requestHeaders) Check the headers and determine the headers for the response of a pre-flight request.protected List<HttpMethod>checkMethods(CorsConfiguration config, HttpMethod requestMethod) Check the HTTP method and determine the methods for the response of a pre-flight request.protected StringcheckOrigin(CorsConfiguration config, String requestOrigin) Check the origin and determine the origin for the response.protected booleanhandleInternal(ServerHttpRequest request, ServerHttpResponse response, CorsConfiguration config, boolean preFlightRequest) Handle the given request.booleanprocessRequest(CorsConfiguration config, HttpServletRequest request, HttpServletResponse response) Process a request given aCorsConfiguration.protected voidrejectRequest(ServerHttpResponse response) Invoked when one of the CORS checks failed.
-
Constructor Details
-
DefaultCorsProcessor
public DefaultCorsProcessor()
-
-
Method Details
-
processRequest
public boolean processRequest(@Nullable CorsConfiguration config, HttpServletRequest request, HttpServletResponse response) throws IOException Description copied from interface:CorsProcessorProcess a request given aCorsConfiguration.- Specified by:
processRequestin interfaceCorsProcessor- Parameters:
config- the applicable CORS configuration (possiblynull)request- the current requestresponse- the current response- Returns:
falseif the request is rejected,trueotherwise- Throws:
IOException
-
rejectRequest
Invoked when one of the CORS checks failed. The default implementation sets the response status to 403 and writes "Invalid CORS request" to the response.- Throws:
IOException
-
handleInternal
protected boolean handleInternal(ServerHttpRequest request, ServerHttpResponse response, CorsConfiguration config, boolean preFlightRequest) throws IOException Handle the given request.- Throws:
IOException
-
checkOrigin
Check the origin and determine the origin for the response. The default implementation simply delegates toCorsConfiguration.checkOrigin(String). -
checkMethods
@Nullable protected List<HttpMethod> checkMethods(CorsConfiguration config, @Nullable HttpMethod requestMethod) Check the HTTP method and determine the methods for the response of a pre-flight request. The default implementation simply delegates toCorsConfiguration.checkHttpMethod(HttpMethod). -
checkHeaders
@Nullable protected List<String> checkHeaders(CorsConfiguration config, List<String> requestHeaders) Check the headers and determine the headers for the response of a pre-flight request. The default implementation simply delegates toCorsConfiguration.checkOrigin(String).
-