Package io.micronaut.http.server.cors

Class CorsFilter

  • All Implemented Interfaces:
    io.micronaut.core.order.Ordered, io.micronaut.http.filter.HttpFilter, io.micronaut.http.filter.HttpServerFilter
    @Filter("/**")
public class CorsFilter
extends java.lang.Object
implements io.micronaut.http.filter.HttpServerFilter
    Responsible for handling CORS requests and responses.
    Since:
    1.0

    • Method Detail

      • doFilter

        public org.reactivestreams.Publisher<io.micronaut.http.MutableHttpResponse<?>> doFilter​(io.micronaut.http.HttpRequest<?> request,
                                                                                        io.micronaut.http.filter.ServerFilterChain chain)
        Specified by:
        doFilter in interface io.micronaut.http.filter.HttpServerFilter

      • shouldDenyToPreventDriveByLocalhostAttack

        protected boolean shouldDenyToPreventDriveByLocalhostAttack​(@NonNull
                                                            CorsOriginConfiguration corsOriginConfiguration,
                                                            @NonNull
                                                            io.micronaut.http.HttpRequest<?> request)
        Parameters:
        corsOriginConfiguration - CORS Origin configuration for request's HTTP Header origin.
        request - HTTP Request
        Returns:
        true if the resolved host is localhost or 127.0.0.1 address and the CORS configuration has any for allowed origins.

      • shouldDenyToPreventDriveByLocalhostAttack

        protected boolean shouldDenyToPreventDriveByLocalhostAttack​(@NonNull
                                                            java.lang.String origin,
                                                            @NonNull
                                                            io.micronaut.http.HttpRequest<?> request)
        Parameters:
        origin - HTTP Header HttpHeaders.ORIGIN value.
        request - HTTP Request
        Returns:
        true if the resolved host is localhost or 127.0.0.1 and origin is not one of these then deny it.

      • getOrder

        public int getOrder()
        Specified by:
        getOrder in interface io.micronaut.core.order.Ordered

      • handleResponse

        @Deprecated
protected void handleResponse​(io.micronaut.http.HttpRequest<?> request,
                              io.micronaut.http.MutableHttpResponse<?> response)
        Deprecated.
        not used
        Handles a CORS response.
        Parameters:
        request - The HttpRequest object
        response - The MutableHttpResponse object

      • handleRequest

        @Deprecated
protected java.util.Optional<io.micronaut.http.MutableHttpResponse<?>> handleRequest​(io.micronaut.http.HttpRequest request)
        Deprecated.
        Not used any more.
        Handles a CORS HttpRequest.
        Parameters:
        request - The HttpRequest object
        Returns:
        An optional MutableHttpResponse. The request should proceed normally if empty

      • setAllowCredentials

        protected void setAllowCredentials​(CorsOriginConfiguration config,
                                   io.micronaut.http.MutableHttpResponse<?> response)
        Parameters:
        config - The CorsOriginConfiguration instance
        response - The MutableHttpResponse object

      • setExposeHeaders

        protected void setExposeHeaders​(java.util.List<java.lang.String> exposedHeaders,
                                io.micronaut.http.MutableHttpResponse<?> response)
        Parameters:
        exposedHeaders - A list of the exposed headers
        response - The MutableHttpResponse object

      • setVary

        protected void setVary​(io.micronaut.http.MutableHttpResponse<?> response)
        Parameters:
        response - The MutableHttpResponse object

      • setOrigin

        protected void setOrigin​(@Nullable
                         java.lang.String origin,
                         @NonNull
                         io.micronaut.http.MutableHttpResponse<?> response)
        Parameters:
        origin - The origin
        response - The MutableHttpResponse object

      • setAllowMethods

        protected void setAllowMethods​(io.micronaut.http.HttpMethod method,
                               io.micronaut.http.MutableHttpResponse<?> response)
        Parameters:
        method - The HttpMethod object
        response - The MutableHttpResponse object

      • setAllowHeaders

        protected void setAllowHeaders​(java.util.List<?> optionalAllowHeaders,
                               io.micronaut.http.MutableHttpResponse<?> response)
        Parameters:
        optionalAllowHeaders - A list with optional allow headers
        response - The MutableHttpResponse object

      • setMaxAge

        protected void setMaxAge​(long maxAge,
                         io.micronaut.http.MutableHttpResponse<?> response)
        Parameters:
        maxAge - The max age
        response - The MutableHttpResponse object