java.lang.Object

io.micronaut.http.server.cors.CorsFilter

All Implemented Interfaces:: io.micronaut.core.order.Ordered, io.micronaut.http.filter.ConditionalFilter

@ServerFilter("/**") public class CorsFilter extends Object implements io.micronaut.core.order.Ordered, io.micronaut.http.filter.ConditionalFilter

Responsible for handling CORS requests and responses.

Since:: 1.0

Field Summary

Fields

Modifier and Type

Field

Description

static final int

CORS_FILTER_ORDER

protected final HttpServerConfiguration.CorsConfiguration

corsConfiguration

Fields inherited from interface io.micronaut.core.order.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
Constructor Summary

Constructors

Constructor

Description

CorsFilter(HttpServerConfiguration.CorsConfiguration corsConfiguration, @Nullable HttpHostResolver httpHostResolver)
Method Summary

Modifier and Type

Method

Description

final @Nullable io.micronaut.http.HttpResponse<?>

filterRequest(io.micronaut.http.HttpRequest<?> request)

final void

filterResponse(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.MutableHttpResponse<?> response)

int

getOrder()

boolean

isEnabled(io.micronaut.http.HttpRequest<?> request)

protected void

setAllowCredentials(CorsOriginConfiguration config, io.micronaut.http.MutableHttpResponse<?> response)

protected void

setAllowHeaders(List<?> optionalAllowHeaders, io.micronaut.http.MutableHttpResponse<?> response)

protected void

setAllowMethods(io.micronaut.http.HttpMethod method, io.micronaut.http.MutableHttpResponse<?> response)

protected void

setAllowPrivateNetwork(CorsOriginConfiguration config, io.micronaut.http.MutableHttpResponse<?> response)

Sets the HTTP Header "Access-Control-Allow-Private-Network" in the response to true, if the CorsOriginConfiguration.isAllowPrivateNetwork() is true.

protected void

setExposeHeaders(List<String> exposedHeaders, io.micronaut.http.MutableHttpResponse<?> response)

protected void

setMaxAge(long maxAge, io.micronaut.http.MutableHttpResponse<?> response)

protected void

setOrigin(@Nullable String origin, @NonNull io.micronaut.http.MutableHttpResponse<?> response)

protected void

setVary(io.micronaut.http.MutableHttpResponse<?> response)

protected boolean

shouldDenyToPreventDriveByLocalhostAttack(@NonNull CorsOriginConfiguration corsOriginConfiguration, @NonNull io.micronaut.http.HttpRequest<?> request)

protected boolean

shouldDenyToPreventDriveByLocalhostAttack(@NonNull String origin, @NonNull io.micronaut.http.HttpRequest<?> request)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- CORS_FILTER_ORDER
  
  public static final int CORS_FILTER_ORDER
- corsConfiguration
  
  protected final HttpServerConfiguration.CorsConfiguration corsConfiguration
Constructor Details
- CorsFilter
  
  public CorsFilter(HttpServerConfiguration.CorsConfiguration corsConfiguration, @Nullable @Nullable HttpHostResolver httpHostResolver)
  
  Parameters:
  
  corsConfiguration - The CorsOriginConfiguration instance
  
  httpHostResolver - HTTP Host resolver
Method Details
- isEnabled
  
  public boolean isEnabled(io.micronaut.http.HttpRequest<?> request)
  
  Specified by:
  
  isEnabled in interface io.micronaut.http.filter.ConditionalFilter
- filterRequest
  
  @RequestFilter @Nullable @Internal public final @Nullable io.micronaut.http.HttpResponse<?> filterRequest(io.micronaut.http.HttpRequest<?> request)
- filterResponse
  
  @ResponseFilter @Internal public final void filterResponse(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.MutableHttpResponse<?> response)
- shouldDenyToPreventDriveByLocalhostAttack
  
  protected boolean shouldDenyToPreventDriveByLocalhostAttack(@NonNull @NonNull CorsOriginConfiguration corsOriginConfiguration, @NonNull @NonNull io.micronaut.http.HttpRequest<?> request)
  
  Parameters:
  
  corsOriginConfiguration - CORS Origin configuration for request's HTTP Header origin.
  
  request - HTTP Request
  
  Returns:
  
  true if the resolved host is localhost or 127.0.0.1 address and the CORS configuration has any for allowed origins.
- shouldDenyToPreventDriveByLocalhostAttack
  
  protected boolean shouldDenyToPreventDriveByLocalhostAttack(@NonNull @NonNull String origin, @NonNull @NonNull io.micronaut.http.HttpRequest<?> request)
  
  Parameters:
  
  origin - HTTP Header HttpHeaders.ORIGIN value.
  
  request - HTTP Request
  
  Returns:
  
  true if the resolved host is localhost or 127.0.0.1 and origin is not one of these then deny it.
- getOrder
  
  public int getOrder()
  
  Specified by:
  
  getOrder in interface io.micronaut.core.order.Ordered
- setAllowCredentials
  
  protected void setAllowCredentials(CorsOriginConfiguration config, io.micronaut.http.MutableHttpResponse<?> response)
  
  Parameters:
  
  config - The CorsOriginConfiguration instance
  
  response - The MutableHttpResponse object
- setAllowPrivateNetwork
  
  protected void setAllowPrivateNetwork(CorsOriginConfiguration config, io.micronaut.http.MutableHttpResponse<?> response)
  
  Sets the HTTP Header "Access-Control-Allow-Private-Network" in the response to true, if the CorsOriginConfiguration.isAllowPrivateNetwork() is true.
  
  Parameters:
  
  config - The CorsOriginConfiguration instance
  
  response - The MutableHttpResponse object
- setExposeHeaders
  
  protected void setExposeHeaders(List<String> exposedHeaders, io.micronaut.http.MutableHttpResponse<?> response)
  
  Parameters:
  
  exposedHeaders - A list of the exposed headers
  
  response - The MutableHttpResponse object
- setVary
  
  protected void setVary(io.micronaut.http.MutableHttpResponse<?> response)
  
  Parameters:
  
  response - The MutableHttpResponse object
- setOrigin
  
  protected void setOrigin(@Nullable @Nullable String origin, @NonNull @NonNull io.micronaut.http.MutableHttpResponse<?> response)
  
  Parameters:
  
  origin - The origin
  
  response - The MutableHttpResponse object
- setAllowMethods
  
  protected void setAllowMethods(io.micronaut.http.HttpMethod method, io.micronaut.http.MutableHttpResponse<?> response)
  
  Parameters:
  
  method - The HttpMethod object
  
  response - The MutableHttpResponse object
- setAllowHeaders
  
  protected void setAllowHeaders(List<?> optionalAllowHeaders, io.micronaut.http.MutableHttpResponse<?> response)
  
  Parameters:
  
  optionalAllowHeaders - A list with optional allow headers
  
  response - The MutableHttpResponse object
- setMaxAge
  
  protected void setMaxAge(long maxAge, io.micronaut.http.MutableHttpResponse<?> response)
  
  Parameters:
  
  maxAge - The max age
  
  response - The MutableHttpResponse object

Class CorsFilter

Field Summary

Fields inherited from interface io.micronaut.core.order.Ordered

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Details

CORS_FILTER_ORDER

corsConfiguration

Constructor Details

CorsFilter

Method Details

isEnabled

filterRequest

filterResponse

shouldDenyToPreventDriveByLocalhostAttack

shouldDenyToPreventDriveByLocalhostAttack

getOrder

setAllowCredentials

setAllowPrivateNetwork

setExposeHeaders

setVary

setOrigin

setAllowMethods

setAllowHeaders

setMaxAge