org.springframework.web.cors.reactive

Class DefaultCorsProcessor

java.lang.Object

org.springframework.web.cors.reactive.DefaultCorsProcessor

All Implemented Interfaces:

CorsProcessor

public class DefaultCorsProcessor
extends Object
implements CorsProcessor

The default implementation of CorsProcessor, as defined by the CORS W3C recommendation.

Note that when input CorsConfiguration is null, this implementation does not reject simple or actual requests outright but simply avoid adding CORS headers to the response. CORS processing is also skipped if the response already contains CORS headers, or if the request is detected as a same-origin one.

Since:

5.0

Author:

Sebastien Deleuze, Rossen Stoyanchev

Constructor Summary

Constructors

Constructor and Description
DefaultCorsProcessor()

Method Summary

Modifier and Type	Method and Description
protected List<String>	checkHeaders(CorsConfiguration config, List<String> requestHeaders) Check the headers and determine the headers for the response of a pre-flight request.
protected List<HttpMethod>	checkMethods(CorsConfiguration config, HttpMethod requestMethod) Check the HTTP method and determine the methods for the response of a pre-flight request.
protected String	checkOrigin(CorsConfiguration config, String requestOrigin) Check the origin and determine the origin for the response.
protected boolean	handleInternal(ServerWebExchange exchange, CorsConfiguration config, boolean preFlightRequest) Handle the given request.
boolean	processRequest(CorsConfiguration config, ServerWebExchange exchange) Process a request given a CorsConfiguration.
protected void	rejectRequest(ServerHttpResponse response) Invoked when one of the CORS checks failed.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultCorsProcessor

public DefaultCorsProcessor()

Method Detail

processRequest

public boolean processRequest(CorsConfiguration config,
                              ServerWebExchange exchange)

Description copied from interface: CorsProcessor

Process a request given a CorsConfiguration.

Specified by:

processRequest in interface CorsProcessor

Parameters:

config - the applicable CORS configuration (possibly null)

exchange - the current HTTP request / response

Returns:

a Mono emitting false if the request is rejected, true otherwise

rejectRequest

protected void rejectRequest(ServerHttpResponse response)

Invoked when one of the CORS checks failed.

handleInternal

protected boolean handleInternal(ServerWebExchange exchange,
                                 CorsConfiguration config,
                                 boolean preFlightRequest)

Handle the given request.

checkOrigin

protected String checkOrigin(CorsConfiguration config,
                             String requestOrigin)

Check the origin and determine the origin for the response. The default implementation simply delegates to CorsConfiguration.checkOrigin(String).

checkMethods

protected List<HttpMethod> checkMethods(CorsConfiguration config,
                                        HttpMethod requestMethod)

Check the HTTP method and determine the methods for the response of a pre-flight request. The default implementation simply delegates to CorsConfiguration.checkOrigin(String).

checkHeaders

protected List<String> checkHeaders(CorsConfiguration config,
                                    List<String> requestHeaders)

Check the headers and determine the headers for the response of a pre-flight request. The default implementation simply delegates to CorsConfiguration.checkOrigin(String).