CrossOrigin (spring-web 4.2.0.RC1 API)

```
@Target(value={METHOD,TYPE})
 @Retention(value=RUNTIME)
 @Documented
public @interface CrossOrigin
```
Marks the annotated method as permitting cross origin requests. By default, all origins and headers are permitted.

Since:

4.2

Author:

Russell Allen, Sebastien Deleuze

Optional Element Summary

Optional Elements
Modifier and Type	Optional Element and Description
`String`	`allowCredentials` Set to `"true"` if the the browser should include any cookies associated to the domain of the request being annotated, or "false" if it should not.
`String[]`	`allowedHeaders` Indicates which request headers can be used during the actual request.
`String[]`	`exposedHeaders` List of response headers that the user-agent will allow the client to access.
`long`	`maxAge` Controls the cache duration for pre-flight responses.
`RequestMethod[]`	`method` The HTTP request methods to allow: GET, POST, HEAD, OPTIONS, PUT, PATCH, DELETE, TRACE.
`String[]`	`origin` List of allowed origins.

- Element Detail
  - origin
```
public abstract String[] origin
```
    List of allowed origins. "*" means that all origins are allowed. These values are placed in the Access-Control-Allow-Origin header of both the pre-flight and actual responses. Default value is "*".
    
    Default:
    
    "*"
- - allowedHeaders
```
public abstract String[] allowedHeaders
```
    Indicates which request headers can be used during the actual request. "*" means that all headers asked by the client are allowed. This property controls the value of pre-flight response's Access-Control-Allow-Headers header. Default value is "*".
    
    Default:
    
    "*"
- - exposedHeaders
```
public abstract String[] exposedHeaders
```
    List of response headers that the user-agent will allow the client to access. This property controls the value of actual response's Access-Control-Expose-Headers header.
    
    Default:
    
    {}
- - method
```
public abstract RequestMethod[] method
```
    The HTTP request methods to allow: GET, POST, HEAD, OPTIONS, PUT, PATCH, DELETE, TRACE. Methods specified here overrides RequestMapping ones.
    
    Default:
    
    {}
- - allowCredentials
```
public abstract String allowCredentials
```
    Set to "true" if the the browser should include any cookies associated to the domain of the request being annotated, or "false" if it should not. Empty string "" means undefined. If true, the pre-flight response will include the header Access-Control-Allow-Credentials=true. Default value is "true".
    
    Default:
    
    "true"
- - maxAge
```
public abstract long maxAge
```
    Controls the cache duration for pre-flight responses. Setting this to a reasonable value can reduce the number of pre-flight request/response interaction required by the browser. This property controls the value of the Access-Control-Max-Age header in the pre-flight response. Value set to -1 means undefined. Default value is 1800 seconds, or 30 minutes.
    
    Default:
    
    1800L

Annotation Type CrossOrigin

Optional Element Summary

Element Detail

origin

allowedHeaders

exposedHeaders

method

allowCredentials

maxAge