io.vertx.ext.web.handler

Interface CorsHandler

All Superinterfaces:

Handler<RoutingContext>, SecurityPolicyHandler

public interface CorsHandler
extends SecurityPolicyHandler

A handler which implements server side http://www.w3.org/TR/cors/[CORS] support for Vert.x-Web.

Author:

Tim Fox, Paulo Lopes

Method Summary

Modifier and Type	Method and Description
CorsHandler	addOrigin(String origin) Add an origin to the list of allowed Origins.
CorsHandler	addOrigins(List<String> origins) Set the list of allowed origins.
CorsHandler	addRelativeOrigin(String origin) Add a relative origin to the list of allowed Origins.
CorsHandler	addRelativeOrigins(List<String> origins) Set the list of allowed relative origins.
CorsHandler	allowCredentials(boolean allow) Set whether credentials are allowed.
CorsHandler	allowedHeader(String headerName) Add an allowed header
CorsHandler	allowedHeaders(Set<String> headerNames) Add a set of allowed headers
CorsHandler	allowedMethod(HttpMethod method) Add an allowed method
CorsHandler	allowedMethods(Set<HttpMethod> methods) Add a set of allowed methods
CorsHandler	allowPrivateNetwork(boolean allow) Set whether access from public to private networks are allowed.
static CorsHandler	create() Create a empty CORS handler that allows * origin.
static CorsHandler	create(String allowedOriginPattern) Deprecated. patterns should use the relative origin method. Create a CORS handler using a regular expression to match origins. An origin follows rfc6454#section-7 and is expected to have the format: <scheme> "://" <hostname> [ ":" <port> ]
CorsHandler	exposedHeader(String headerName) Add an exposed header
CorsHandler	exposedHeaders(Set<String> headerNames) Add a set of exposed headers
CorsHandler	maxAgeSeconds(int maxAgeSeconds) Set how long the browser should cache the information

Methods inherited from interface io.vertx.core.Handler

handle

Method Detail

create

@Deprecated
static CorsHandler create(String allowedOriginPattern)

Deprecated. patterns should use the relative origin method. Create a CORS handler using a regular expression to match origins. An origin follows rfc6454#section-7 and is expected to have the format: <scheme> "://" <hostname> [ ":" <port> ]

Parameters:

allowedOriginPattern - the allowed origin pattern

Returns:

the handler

create

static CorsHandler create()

Create a empty CORS handler that allows * origin.

Returns:

the handler

addOrigin

CorsHandler addOrigin(String origin)

Add an origin to the list of allowed Origins. An origin follows rfc6454#section-7 and is expected to have the format: <scheme> "://" <hostname> [ ":" <port> ]

Parameters:

origin - the well formatted static origin

Returns:

self

addRelativeOrigins

CorsHandler addRelativeOrigins(List<String> origins)

Set the list of allowed relative origins. A relative origin is a regex that should match the format <scheme> "://" <hostname> [ ":" <port> ].

Parameters:

origins - the well formatted relative origin list

Returns:

self

addRelativeOrigin

CorsHandler addRelativeOrigin(String origin)

Add a relative origin to the list of allowed Origins. A relative origin is a regex that should match the format <scheme> "://" <hostname> [ ":" <port> ].

Parameters:

origin - the well formatted static origin

Returns:

self

addOrigins

CorsHandler addOrigins(List<String> origins)

Set the list of allowed origins. An origin follows rfc6454#section-7 and is expected to have the format: <scheme> "://" <hostname> [ ":" <port> ]

Parameters:

origins - the well formatted static origin list

Returns:

self

allowedMethod

CorsHandler allowedMethod(HttpMethod method)

Add an allowed method

Parameters:

method - the method to add

Returns:

a reference to this, so the API can be used fluently

allowedMethods

CorsHandler allowedMethods(Set<HttpMethod> methods)

Add a set of allowed methods

Parameters:

methods - the methods to add

Returns:

a reference to this, so the API can be used fluently

allowedHeader

CorsHandler allowedHeader(String headerName)

Add an allowed header

Parameters:

headerName - the allowed header name

Returns:

a reference to this, so the API can be used fluently

allowedHeaders

CorsHandler allowedHeaders(Set<String> headerNames)

Add a set of allowed headers

Parameters:

headerNames - the allowed header names

Returns:

a reference to this, so the API can be used fluently

exposedHeader

CorsHandler exposedHeader(String headerName)

Add an exposed header

Parameters:

headerName - the exposed header name

Returns:

a reference to this, so the API can be used fluently

exposedHeaders

CorsHandler exposedHeaders(Set<String> headerNames)

Add a set of exposed headers

Parameters:

headerNames - the exposed header names

Returns:

a reference to this, so the API can be used fluently

allowCredentials

CorsHandler allowCredentials(boolean allow)

Set whether credentials are allowed. Note that user agents will block requests that use a wildcard as origin and include credentials. From the MDN documentation you can read:

Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding.

Parameters:

allow - true if allowed

Returns:

a reference to this, so the API can be used fluently

maxAgeSeconds

CorsHandler maxAgeSeconds(int maxAgeSeconds)

Set how long the browser should cache the information

Parameters:

maxAgeSeconds - max age in seconds

Returns:

a reference to this, so the API can be used fluently

allowPrivateNetwork

CorsHandler allowPrivateNetwork(boolean allow)

Set whether access from public to private networks are allowed. Defaults to false

Parameters:

allow - true if allowed

Returns:

a reference to this, so the API can be used fluently