Class DefaultCorsProcessor
- java.lang.Object
- org.springframework.web.cors.reactive.DefaultCorsProcessor
- All Implemented Interfaces:
CorsProcessor
public class DefaultCorsProcessor extends Object implements CorsProcessor
The default implementation ofCorsProcessor
, as defined by the CORS W3C recommendation.Note that when input
CorsConfiguration
isnull
, this implementation does not reject simple or actual requests outright but simply avoid adding CORS headers to the response. CORS processing is also skipped if the response already contains CORS headers.- Since:
- 5.0
- Author:
- Sebastien Deleuze, Rossen Stoyanchev
Constructor Summary
Constructors Constructor Description DefaultCorsProcessor()
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected List<String>
checkHeaders(CorsConfiguration config, List<String> requestHeaders)
Check the headers and determine the headers for the response of a pre-flight request.protected List<HttpMethod>
checkMethods(CorsConfiguration config, HttpMethod requestMethod)
Check the HTTP method and determine the methods for the response of a pre-flight request.protected String
checkOrigin(CorsConfiguration config, String requestOrigin)
Check the origin and determine the origin for the response.protected boolean
handleInternal(ServerWebExchange exchange, CorsConfiguration config, boolean preFlightRequest)
Handle the given request.boolean
process(CorsConfiguration config, ServerWebExchange exchange)
Process a request using the givenCorsConfiguration
.protected void
rejectRequest(ServerHttpResponse response)
Invoked when one of the CORS checks failed.
Constructor Detail
DefaultCorsProcessor
public DefaultCorsProcessor()
Method Detail
process
public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange)
Description copied from interface:CorsProcessor
Process a request using the givenCorsConfiguration
.- Specified by:
process
in interfaceCorsProcessor
- Parameters:
config
- the CORS configuration to use; possiblynull
in which case pre-flight requests are rejected, but all others allowed.exchange
- the current exchange- Returns:
false
if the request was rejected,true
otherwise
rejectRequest
protected void rejectRequest(ServerHttpResponse response)
Invoked when one of the CORS checks failed.
handleInternal
protected boolean handleInternal(ServerWebExchange exchange, CorsConfiguration config, boolean preFlightRequest)
Handle the given request.
checkOrigin
@Nullable protected String checkOrigin(CorsConfiguration config, @Nullable String requestOrigin)
Check the origin and determine the origin for the response. The default implementation simply delegates toCorsConfiguration.checkOrigin(String)
.
checkMethods
@Nullable protected List<HttpMethod> checkMethods(CorsConfiguration config, @Nullable HttpMethod requestMethod)
Check the HTTP method and determine the methods for the response of a pre-flight request. The default implementation simply delegates toCorsConfiguration.checkHttpMethod(HttpMethod)
.
checkHeaders
@Nullable protected List<String> checkHeaders(CorsConfiguration config, List<String> requestHeaders)
Check the headers and determine the headers for the response of a pre-flight request. The default implementation simply delegates toCorsConfiguration.checkOrigin(String)
.