Class CorsUtils
- java.lang.Object
- org.springframework.web.cors.reactive.CorsUtils
public abstract class CorsUtils extends Object
Utility class for CORS reactive request handling based on the CORS W3C recommendation.- Since:
- 5.0
- Author:
- Sebastien Deleuze
Constructor Summary
Constructors Constructor Description CorsUtils()
Method Summary
All Methods Static Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static boolean
isCorsRequest(ServerHttpRequest request)
Returnstrue
if the request is a valid CORS one by checkingOrigin
header presence and ensuring that origins are different viaisSameOrigin(org.springframework.http.server.reactive.ServerHttpRequest)
.static boolean
isPreFlightRequest(ServerHttpRequest request)
Returnstrue
if the request is a valid CORS pre-flight one by checking {code OPTIONS} method withOrigin
andAccess-Control-Request-Method
headers presence.static boolean
isSameOrigin(ServerHttpRequest request)
Deprecated.as of 5.2, same-origin checks are performed directly byisCorsRequest(org.springframework.http.server.reactive.ServerHttpRequest)
Constructor Detail
CorsUtils
public CorsUtils()
Method Detail
isCorsRequest
public static boolean isCorsRequest(ServerHttpRequest request)
Returnstrue
if the request is a valid CORS one by checkingOrigin
header presence and ensuring that origins are different viaisSameOrigin(org.springframework.http.server.reactive.ServerHttpRequest)
.
isPreFlightRequest
public static boolean isPreFlightRequest(ServerHttpRequest request)
Returnstrue
if the request is a valid CORS pre-flight one by checking {code OPTIONS} method withOrigin
andAccess-Control-Request-Method
headers presence.
isSameOrigin
@Deprecated public static boolean isSameOrigin(ServerHttpRequest request)
Deprecated.as of 5.2, same-origin checks are performed directly byisCorsRequest(org.springframework.http.server.reactive.ServerHttpRequest)
Check if the request is a same-origin one, based onOrigin
, andHost
headers.Note: as of 5.1 this method ignores
"Forwarded"
and"X-Forwarded-*"
headers that specify the client-originated address. Consider using theForwardedHeaderFilter
to extract and use, or to discard such headers.- Returns:
true
if the request is a same-origin one,false
in case of a cross-origin request