Package org.apache.cxf.rs.security.cors
Annotation Type CrossOriginResourceSharing
Attach CORS information
to a resource. This annotation is read by
CrossOriginResourceSharingFilter.
If this annotation is present on a method, or
on the method's class (or its superclasses), then it completely
overrides any parameters set in CrossOriginResourceSharingFilter.
If a particular parameter of this annotation is not specified, then the
default value is used, not the parameters of the filter.
Note that the CORS specification censors the headers on a
preflight OPTIONS request. As a result, the filter cannot determine
exactly which method corresponds to the request, and so uses only
class-level annotations to set policies.-
Optional Element Summary
Optional ElementsModifier and TypeOptional ElementDescriptionbooleanIf true, this resource will returnbooleanIf true, this resource will returnString[]A list of headers that the client may include in an actual request.String[]A list of permitted origins.String[]A list of headers to return in Access-Control-Expose-Headers.intThe value to return in Access-Control-Max-Age.
-
Element Details
-
allowAllOrigins
boolean allowAllOriginsIf true, this resource will returnAccess-Control-Allow-Origin: *
for a valid request- Default:
- false
-
allowOrigins
String[] allowOriginsA list of permitted origins. It is ignored ifallowAllOrigins()returns true- Default:
- {}
-
allowHeaders
String[] allowHeadersA list of headers that the client may include in an actual request. All the headers listed in the Access-Control-Request-Headers will be allowed if the list is empty- Default:
- {}
-
allowCredentials
boolean allowCredentialsIf true, this resource will returnAccess-Control-Allow-Credentials: true
- Default:
- false
-
exposeHeaders
String[] exposeHeadersA list of headers to return in Access-Control-Expose-Headers.- Default:
- {}
-
maxAge
int maxAgeThe value to return in Access-Control-Max-Age. If this is negative, then no header is returned. The default value is -1.- Default:
- -1
-