Class CorsPolicy

java.lang.Object
de.craftsblock.craftsnet.api.http.cors.CorsPolicy

public class CorsPolicy extends Object
Represents a Cross-Origin Resource Sharing (CORS) policy, which defines how requests from other origins (domains) can interact with the server's resources. This class allows fine-grained control over which origins, methods, and headers are allowed in cross-origin requests, and whether credentials are permitted.

The policy can be customized to allow or disallow specific origins, http methods, and headers, and to control which headers are exposed to the client.

Important: The CORS policy is applied to an exchange automatically. You don't need to take any further action.

Since:
3.1.0
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    ALLOW_CREDENTIALS_HEADER
    The http header that indicates whether the response to the request can be exposed when the credentials flag is true.
    static final String
    ALLOW_HEADERS_HEADER
    The http header that defines which custom request headers are allowed during a CORS request.
    static final String
    ALLOW_METHODS_HEADER
    The http header that indicates which http methods are permitted when accessing the resource.
    static final String
    ALLOW_ORIGIN_HEADER
    The http header that specifies which origin sites are allowed to access the resource.
    static final String
    EXPOSE_HEADERS_HEADER
    The http header that specifies which headers are safe to expose to the client.
    static final String
    MAX_AGE_HEADER
    The http header that indicates how long the results of a preflight request can be cached.
    static final String
    REQUEST_HEADERS_HEADER
    The http header sent by browsers in preflight requests to indicate which custom headers will be included in the actual request.
  • Constructor Summary

    Constructors
    Constructor
    Description
    CorsPolicy()
    Creates a new, empty CORS policy.
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    addAllowedHeader(String... headers)
    Adds one or more http headers to the list of allowed headers for cross-origin requests.
    void
    addAllowedMethod(HttpMethod... methods)
    Adds one or more http methods to the list of allowed methods for cross-origin requests.
    void
    addAllowedOrigin(String... origins)
    Adds one or more origins to the list of allowed origins for cross-origin requests.
    void
    addExposedHeader(String... headers)
    Adds one or more http headers to the list of headers exposed to the client.
    void
    allowAllHeaders()
    Allows all http headers for cross-origin requests, meaning any header can be sent from the client.
    void
    allowAllMethods()
    Allows all http methods (e.g., GET, POST, DELETE) for cross-origin requests.
    void
    allowAllOrigins()
    Allows all origins for cross-origin requests.
    void
    allowCredentials()
    Allows credentials (such as cookies or authentication data) in cross-origin requests.
    void
    apply(Exchange exchange)
    Applies the current CORS policy to an Exchange object by adding appropriate headers to the response based on the allowed origins, methods, headers, and credentials.
    void
    disable()
    Resets the CORS policy by disabling all settings and restoring it to its default state.
    void
    disallowAllHeaders()
    Disallows all headers, requiring cross-origin requests to specify only permitted headers.
    void
    disallowAllMethods()
    Disallows all http methods, limiting cross-origin requests to only specific methods.
    void
    disallowAllOrigins()
    Disallows all origins, restricting cross-origin requests to specific origins if set.
    void
    disallowCredentials()
    Disallows credentials in cross-origin requests.
    @Unmodifiable List<String>
    getAllowedHeaders()
    Retrieves the list of allowed http headers for cross-origin requests.
    @Unmodifiable List<HttpMethod>
    getAllowedMethods()
    Retrieves the list of allowed http methods for cross-origin requests.
    @Unmodifiable List<String>
    getAllowedOrigins()
    Retrieves the list of allowed origins for cross-origin requests.
    int
    getControlMaxAge()
    Retrieves the maximum age in seconds for how long preflight request results can be cached by the client.
    @Unmodifiable List<String>
    getExposedHeaders()
    Retrieves the list of exposed headers that the client can access.
    boolean
    isAllowAllHeaders()
    Checks if all http headers are allowed for cross-origin requests.
    boolean
    isAllowAllMethods()
    Checks if all http methods are allowed for cross-origin requests.
    boolean
    isAllowAllOrigins()
    Checks if all origins are allowed for cross-origin requests.
    boolean
    isAllowCredentials()
    Checks if credentials (such as cookies) are allowed in cross-origin requests.
    void
    removeAllowedHeader(String... headers)
    Removes one or more http headers from the list of allowed headers.
    void
    removeAllowedOrigin(HttpMethod... methods)
    Removes one or more http methods from the list of allowed methods.
    void
    removeAllowedOrigin(String... origins)
    Removes one or more origins from the list of allowed origins.
    void
    removeExposedHeader(String... headers)
    Removes one or more headers from the list of exposed headers.
    void
    setControlMaxAge(@org.jetbrains.annotations.Range(from=-1L, to=2147483647L) int controlMaxAge)
    Sets the maximum age (in seconds) for how long the results of a preflight request can be cached by the client.
    void
    update(CorsPolicy policy)
    Updates the current CORS policy by copying the settings from another policy.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • ALLOW_ORIGIN_HEADER

      public static final String ALLOW_ORIGIN_HEADER
      The http header that specifies which origin sites are allowed to access the resource.
    • ALLOW_METHODS_HEADER

      public static final String ALLOW_METHODS_HEADER
      The http header that indicates which http methods are permitted when accessing the resource.
    • ALLOW_HEADERS_HEADER

      public static final String ALLOW_HEADERS_HEADER
      The http header that defines which custom request headers are allowed during a CORS request.
    • EXPOSE_HEADERS_HEADER

      public static final String EXPOSE_HEADERS_HEADER
      The http header that specifies which headers are safe to expose to the client.
    • ALLOW_CREDENTIALS_HEADER

      public static final String ALLOW_CREDENTIALS_HEADER
      The http header that indicates whether the response to the request can be exposed when the credentials flag is true.
    • MAX_AGE_HEADER

      public static final String MAX_AGE_HEADER
      The http header that indicates how long the results of a preflight request can be cached.
    • REQUEST_HEADERS_HEADER

      public static final String REQUEST_HEADERS_HEADER
      The http header sent by browsers in preflight requests to indicate which custom headers will be included in the actual request.
  • Constructor Details

    • CorsPolicy

      public CorsPolicy()
      Creates a new, empty CORS policy. By default, all origins, methods, and headers are disallowed, and credentials are not allowed. Specific settings can be configured using the provided methods.
  • Method Details

    • allowAllOrigins

      public void allowAllOrigins()
      Allows all origins for cross-origin requests. Once enabled, any domain can make requests to the server.
    • disallowAllOrigins

      public void disallowAllOrigins()
      Disallows all origins, restricting cross-origin requests to specific origins if set.
    • allowAllMethods

      public void allowAllMethods()
      Allows all http methods (e.g., GET, POST, DELETE) for cross-origin requests.
    • disallowAllMethods

      public void disallowAllMethods()
      Disallows all http methods, limiting cross-origin requests to only specific methods.
    • allowAllHeaders

      public void allowAllHeaders()
      Allows all http headers for cross-origin requests, meaning any header can be sent from the client.
    • disallowAllHeaders

      public void disallowAllHeaders()
      Disallows all headers, requiring cross-origin requests to specify only permitted headers.
    • allowCredentials

      public void allowCredentials()
      Allows credentials (such as cookies or authentication data) in cross-origin requests.
    • disallowCredentials

      public void disallowCredentials()
      Disallows credentials in cross-origin requests.
    • addAllowedOrigin

      public void addAllowedOrigin(String... origins)
      Adds one or more origins to the list of allowed origins for cross-origin requests.
      Parameters:
      origins - The origins to be allowed.
    • removeAllowedOrigin

      public void removeAllowedOrigin(String... origins)
      Removes one or more origins from the list of allowed origins.
      Parameters:
      origins - The origins to be removed.
    • addAllowedMethod

      public void addAllowedMethod(HttpMethod... methods)
      Adds one or more http methods to the list of allowed methods for cross-origin requests.
      Parameters:
      methods - The http methods to be allowed.
    • removeAllowedOrigin

      public void removeAllowedOrigin(HttpMethod... methods)
      Removes one or more http methods from the list of allowed methods.
      Parameters:
      methods - The http methods to be removed.
    • addAllowedHeader

      public void addAllowedHeader(String... headers)
      Adds one or more http headers to the list of allowed headers for cross-origin requests.
      Parameters:
      headers - The http headers to be allowed.
    • removeAllowedHeader

      public void removeAllowedHeader(String... headers)
      Removes one or more http headers from the list of allowed headers.
      Parameters:
      headers - The http headers to be removed.
    • addExposedHeader

      public void addExposedHeader(String... headers)
      Adds one or more http headers to the list of headers exposed to the client. Exposed headers can be accessed by the client application.
      Parameters:
      headers - The http headers to be exposed.
    • removeExposedHeader

      public void removeExposedHeader(String... headers)
      Removes one or more headers from the list of exposed headers.
      Parameters:
      headers - The headers to be removed.
    • setControlMaxAge

      public void setControlMaxAge(@org.jetbrains.annotations.Range(from=-1L, to=2147483647L) int controlMaxAge)
      Sets the maximum age (in seconds) for how long the results of a preflight request can be cached by the client.
      Parameters:
      controlMaxAge - The max age in seconds.
    • getAllowedOrigins

      public @Unmodifiable List<String> getAllowedOrigins()
      Retrieves the list of allowed origins for cross-origin requests.
      Returns:
      A list of allowed origins.
    • getAllowedMethods

      public @Unmodifiable List<HttpMethod> getAllowedMethods()
      Retrieves the list of allowed http methods for cross-origin requests.
      Returns:
      A list of allowed http methods.
    • getAllowedHeaders

      public @Unmodifiable List<String> getAllowedHeaders()
      Retrieves the list of allowed http headers for cross-origin requests.
      Returns:
      A list of allowed http headers.
    • getExposedHeaders

      public @Unmodifiable List<String> getExposedHeaders()
      Retrieves the list of exposed headers that the client can access.
      Returns:
      A list of exposed headers.
    • isAllowAllOrigins

      public boolean isAllowAllOrigins()
      Checks if all origins are allowed for cross-origin requests.
      Returns:
      true if all origins are allowed, false otherwise.
    • isAllowAllMethods

      public boolean isAllowAllMethods()
      Checks if all http methods are allowed for cross-origin requests.
      Returns:
      true if all methods are allowed, false otherwise.
    • isAllowAllHeaders

      public boolean isAllowAllHeaders()
      Checks if all http headers are allowed for cross-origin requests.
      Returns:
      true if all headers are allowed, false otherwise.
    • isAllowCredentials

      public boolean isAllowCredentials()
      Checks if credentials (such as cookies) are allowed in cross-origin requests.
      Returns:
      true if credentials are allowed, false otherwise.
    • getControlMaxAge

      public int getControlMaxAge()
      Retrieves the maximum age in seconds for how long preflight request results can be cached by the client.
      Returns:
      The max age, or -1 if not set.
    • disable

      public void disable()
      Resets the CORS policy by disabling all settings and restoring it to its default state.
    • update

      public void update(CorsPolicy policy)
      Updates the current CORS policy by copying the settings from another policy.
      Parameters:
      policy - The policy whose settings should be copied.
    • apply

      @Internal public void apply(Exchange exchange)
      Applies the current CORS policy to an Exchange object by adding appropriate headers to the response based on the allowed origins, methods, headers, and credentials.
      Parameters:
      exchange - The exchange on which to apply the CORS policy.
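
Added usage example (not part of the CraftsNet documentation or code base): it builds an allow-list policy with the methods documented above and audits any CorsPolicy for risky settings through its getters. The class name CorsPolicyAudit, the audit() helper and the sample origins are constructed for illustration; how a policy is attached to a server is not shown because this page does not describe it.

```java
import de.craftsblock.craftsnet.api.http.cors.CorsPolicy;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;

public class CorsPolicyAudit {
    /** Hypothetical helper: returns findings; an empty list means nothing was flagged. */
    static List<String> audit(CorsPolicy policy) {
        List<String> findings = new ArrayList<>();
        // Browsers refuse a wildcard origin on credentialed requests, and a server that
        // echoes any origin instead lets every site read authenticated responses.
        if (policy.isAllowAllOrigins() && policy.isAllowCredentials())
            findings.add("all origins allowed together with credentials");
        for (String origin : policy.getAllowedOrigins()) {
            try {
                URI uri = new URI(origin);
                // A browser-sent Origin is scheme://host[:port] with no path.
                if (uri.getHost() == null)
                    findings.add("not a concrete origin: " + origin);
                else if (!"https".equalsIgnoreCase(uri.getScheme()))
                    findings.add("non-https origin: " + origin);
                else if (uri.getRawPath() != null && !uri.getRawPath().isEmpty())
                    findings.add("origin carries a path or trailing slash: " + origin);
            } catch (URISyntaxException e) {
                findings.add("unparseable origin: " + origin);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Allow-list policy for a single front end (constructed sample origin).
        CorsPolicy strict = new CorsPolicy();
        strict.addAllowedOrigin("https://app.example.com");
        strict.addAllowedHeader("Content-Type", "Authorization");
        strict.addExposedHeader("X-Request-Id");
        strict.allowCredentials();
        strict.setControlMaxAge(600);

        // Permissive policy of the kind the audit is meant to catch (constructed).
        CorsPolicy loose = new CorsPolicy();
        loose.allowAllOrigins();
        loose.allowCredentials();
        loose.addAllowedOrigin("http://localhost:8080", "null");
        System.out.println("strict: " + audit(strict));
        System.out.println("loose:  " + audit(loose));
    }
}
```

Running audit() in a unit test or at start-up keeps a later allowAllOrigins() or a stray development origin from reaching production unnoticed.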