001/* 002 * Copyright 2002-2015 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * https://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.web.cors; 018 019import javax.servlet.http.HttpServletRequest; 020 021import org.springframework.http.HttpHeaders; 022import org.springframework.http.HttpMethod; 023 024/** 025 * Utility class for CORS request handling based on the 026 * <a href="https://www.w3.org/TR/cors/">CORS W3C recommendation</a>. 027 * 028 * @author Sebastien Deleuze 029 * @since 4.2 030 */ 031public abstract class CorsUtils { 032 033 /** 034 * Returns {@code true} if the request is a valid CORS one. 035 */ 036 public static boolean isCorsRequest(HttpServletRequest request) { 037 return (request.getHeader(HttpHeaders.ORIGIN) != null); 038 } 039 040 /** 041 * Returns {@code true} if the request is a valid CORS pre-flight one. 042 */ 043 public static boolean isPreFlightRequest(HttpServletRequest request) { 044 return (isCorsRequest(request) && HttpMethod.OPTIONS.matches(request.getMethod()) && 045 request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) != null); 046 } 047 048}