Class CorsRegistration


  • public class CorsRegistration
    extends Object
    Assists with the creation of a CorsConfiguration instance mapped to a path pattern. By default all origins, headers, and credentials for GET, HEAD, and POST requests are allowed while the max age is set to 30 minutes.
    Since:
    4.2
    Author:
    Sebastien Deleuze, Rossen Stoyanchev, Sam Brannen
    See Also:
    CorsConfiguration, CorsRegistry
    • Constructor Detail

      • CorsRegistration

        public CorsRegistration(String pathPattern)
        Create a new CorsRegistration that allows all origins, headers, and credentials for GET, HEAD, and POST requests with max age set to 1800 seconds (30 minutes) for the specified path.
        Parameters:
        pathPattern - the path that the CORS configuration should apply to; exact path mapping URIs (such as "/admin") are supported as well as Ant-style path patterns (such as "/admin/**").
    • Method Detail

      • allowedOrigins

        public CorsRegistration allowedOrigins(String... origins)
        Set the origins to allow, e.g. "https://domain1.com".

        The special value "*" allows all domains.

        By default, all origins are allowed.

        Note: CORS checks use values from "Forwarded" (RFC 7239), "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto" headers, if present, in order to reflect the client-originated address. Consider using the ForwardedHeaderFilter in order to choose from a central place whether to extract and use, or to discard such headers. See the Spring Framework reference for more on this filter.

      • allowedMethods

        public CorsRegistration allowedMethods(String... methods)
        Set the HTTP methods to allow, e.g. "GET", "POST", etc.

        The special value "*" allows all methods.

        By default "simple" methods GET, HEAD, and POST are allowed.

      • allowedHeaders

        public CorsRegistration allowedHeaders(String... headers)
        Set the list of headers that a pre-flight request can list as allowed for use during an actual request.

        The special value "*" may be used to allow all headers.

        A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified, or Pragma as per the CORS spec.

        By default all headers are allowed.

      • exposedHeaders

        public CorsRegistration exposedHeaders(String... headers)
        Set the list of response headers other than "simple" headers, i.e. Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, or Pragma, that an actual response might have and can be exposed.

        Note that "*" is not supported on this property.

        By default this is not set.

      • maxAge

        public CorsRegistration maxAge(long maxAge)
        Configure how long in seconds the response from a pre-flight request can be cached by clients.

        By default this is set to 1800 seconds (30 minutes).

      • allowCredentials

        public CorsRegistration allowCredentials(boolean allowCredentials)
        Whether user credentials are supported, in which case the browser should include any cookies associated with the domain of the request.

        By default this is false and user credentials are not allowed.
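
The methods above, combined into one configuration that contrasts a registration left on its defaults with one where every setting is an explicit allow-list. This is an added example, not code from the Spring documentation. It assumes the Spring MVC (servlet) variant on Spring 5, where WebMvcConfigurer has default methods, and Spring Boot, which registers Filter beans with the servlet container; the class name, paths, origin, and header names are constructed for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.ForwardedHeaderFilter;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfig implements WebMvcConfigurer {   // hypothetical class name

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Weak: no further calls, so this registration keeps the defaults
        // described on this page (all origins and all headers for
        // GET, HEAD, and POST, pre-flight cached for 1800 seconds).
        registry.addMapping("/public/**");

        // Hardened: each setting is narrowed to what the client needs.
        registry.addMapping("/api/**")
                // Explicit origin instead of "*": browsers reject a
                // wildcard Access-Control-Allow-Origin on credentialed requests.
                .allowedOrigins("https://app.example.com")   // constructed origin
                .allowedMethods("GET", "POST", "DELETE")
                .allowedHeaders("Authorization", "Content-Type")
                // "*" is not supported here, so list each exposed header.
                .exposedHeaders("X-Request-Id")              // constructed header
                .allowCredentials(true)
                // Shorter than the default so a tightened policy reaches
                // clients sooner.
                .maxAge(600);
    }

    // CORS checks read "Forwarded" and "X-Forwarded-*" headers if present.
    // With no trusted proxy setting them, remove-only mode discards these
    // headers in one central place instead of applying them.
    @Bean
    public ForwardedHeaderFilter forwardedHeaderFilter() {
        ForwardedHeaderFilter filter = new ForwardedHeaderFilter();
        filter.setRemoveOnly(true);
        return filter;
    }
}
```

Behind a trusted reverse proxy that sets these headers itself, leave setRemoveOnly at its default so the filter applies them rather than discarding them.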