Class DefaultCorsProcessor
- java.lang.Object
- org.springframework.web.cors.reactive.DefaultCorsProcessor
- All Implemented Interfaces:
CorsProcessor
public class DefaultCorsProcessor extends Object implements CorsProcessor
The default implementation ofCorsProcessor, as defined by the CORS W3C recommendation.Note that when input
CorsConfigurationisnull, this implementation does not reject simple or actual requests outright but simply avoid adding CORS headers to the response. CORS processing is also skipped if the response already contains CORS headers.- Since:
- 5.0
- Author:
- Sebastien Deleuze, Rossen Stoyanchev
Constructor Summary
Constructors Constructor Description DefaultCorsProcessor()
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected List<String>checkHeaders(CorsConfiguration config, List<String> requestHeaders)Check the headers and determine the headers for the response of a pre-flight request.protected List<HttpMethod>checkMethods(CorsConfiguration config, HttpMethod requestMethod)Check the HTTP method and determine the methods for the response of a pre-flight request.protected StringcheckOrigin(CorsConfiguration config, String requestOrigin)Check the origin and determine the origin for the response.protected booleanhandleInternal(ServerWebExchange exchange, CorsConfiguration config, boolean preFlightRequest)Handle the given request.booleanprocess(CorsConfiguration config, ServerWebExchange exchange)Process a request using the givenCorsConfiguration.protected voidrejectRequest(ServerHttpResponse response)Invoked when one of the CORS checks failed.
Constructor Detail
DefaultCorsProcessor
public DefaultCorsProcessor()
Method Detail
process
public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange)
Description copied from interface:CorsProcessorProcess a request using the givenCorsConfiguration.- Specified by:
processin interfaceCorsProcessor- Parameters:
config- the CORS configuration to use; possiblynullin which case pre-flight requests are rejected, but all others allowed.exchange- the current exchange- Returns:
falseif the request was rejected,trueotherwise
rejectRequest
protected void rejectRequest(ServerHttpResponse response)
Invoked when one of the CORS checks failed.
handleInternal
protected boolean handleInternal(ServerWebExchange exchange, CorsConfiguration config, boolean preFlightRequest)
Handle the given request.
checkOrigin
@Nullable protected String checkOrigin(CorsConfiguration config, @Nullable String requestOrigin)
Check the origin and determine the origin for the response. The default implementation simply delegates toCorsConfiguration.checkOrigin(String).
checkMethods
@Nullable protected List<HttpMethod> checkMethods(CorsConfiguration config, @Nullable HttpMethod requestMethod)
Check the HTTP method and determine the methods for the response of a pre-flight request. The default implementation simply delegates toCorsConfiguration.checkHttpMethod(HttpMethod).
checkHeaders
@Nullable protected List<String> checkHeaders(CorsConfiguration config, List<String> requestHeaders)
Check the headers and determine the headers for the response of a pre-flight request. The default implementation simply delegates toCorsConfiguration.checkOrigin(String).