Class CorsRegistration
- java.lang.Object
- org.springframework.web.reactive.config.CorsRegistration
public class CorsRegistration extends Object
Assists with the creation of a CorsConfiguration instance for a given URL path pattern.
- Since:
- 5.0
- Author:
- Sebastien Deleuze, Rossen Stoyanchev
- See Also:
- CorsConfiguration, CorsRegistry
Constructor Summary
- CorsRegistration(String pathPattern)
Method Summary
- CorsRegistration allowCredentials(boolean allowCredentials): Whether the browser should send credentials, such as cookies, along with cross domain requests, to the annotated endpoint.
- CorsRegistration allowedHeaders(String... headers): Set the list of headers that a pre-flight request can list as allowed for use during an actual request.
- CorsRegistration allowedMethods(String... methods): Set the HTTP methods to allow, e.g.
- CorsRegistration allowedOrigins(String... origins): The list of allowed origins, which can be specific origins, e.g.
- CorsRegistration exposedHeaders(String... headers): Set the list of response headers other than "simple" headers, i.e.
- protected CorsConfiguration getCorsConfiguration()
- protected String getPathPattern()
- CorsRegistration maxAge(long maxAge): Configure how long in seconds the response from a pre-flight request can be cached by clients.
Constructor Detail
CorsRegistration
public CorsRegistration(String pathPattern)
Method Detail
allowedOrigins
public CorsRegistration allowedOrigins(String... origins)
The list of allowed origins, which can be specific origins, e.g. "https://domain1.com", or "*" for all origins.
A matched origin is listed in the Access-Control-Allow-Origin response header of preflight and actual CORS requests.
By default all origins are allowed.
Note: CORS checks use values from "Forwarded" (RFC 7239), "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto" headers, if present, in order to reflect the client-originated address. Consider using the ForwardedHeaderFilter in order to choose from a central place whether to extract and use, or to discard such headers. See the Spring Framework reference for more on this filter.
allowedMethods
public CorsRegistration allowedMethods(String... methods)
Set the HTTP methods to allow, e.g. "GET", "POST", etc.
The special value "*" allows all methods.
By default "simple" methods GET, HEAD, and POST are allowed.
allowedHeaders
public CorsRegistration allowedHeaders(String... headers)
Set the list of headers that a pre-flight request can list as allowed for use during an actual request.
The special value "*" may be used to allow all headers.
A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified, or Pragma as per the CORS spec.
By default all headers are allowed.
exposedHeaders
public CorsRegistration exposedHeaders(String... headers)
Set the list of response headers other than "simple" headers, i.e. Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, or Pragma, that an actual response might have and can be exposed.
The special value "*" allows all headers to be exposed for non-credentialed requests.
By default this is not set.
allowCredentials
public CorsRegistration allowCredentials(boolean allowCredentials)
Whether the browser should send credentials, such as cookies, along with cross domain requests, to the annotated endpoint. The configured value is set on the Access-Control-Allow-Credentials response header of preflight requests.
NOTE: Be aware that this option establishes a high level of trust with the configured domains and also increases the attack surface of the web application by exposing sensitive user-specific information such as cookies and CSRF tokens.
By default this is not set, in which case the Access-Control-Allow-Credentials header is also not set and credentials are therefore not allowed.
maxAge
public CorsRegistration maxAge(long maxAge)
Configure how long in seconds the response from a pre-flight request can be cached by clients.
By default this is set to 1800 seconds (30 minutes).
getPathPattern
protected String getPathPattern()
getCorsConfiguration
protected CorsConfiguration getCorsConfiguration()
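
A configuration that uses the methods documented above, added here as an example and not part of the Spring Javadoc: it contrasts a mapping left on the permissive defaults with an explicit allow-list for endpoints that accept credentials. The class name ApiCorsConfig, the path patterns, the origins and the header names are assumptions chosen for illustration.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.reactive.config.CorsRegistry;
import org.springframework.web.reactive.config.EnableWebFlux;
import org.springframework.web.reactive.config.WebFluxConfigurer;

// Hypothetical configuration class; omit @EnableWebFlux under Spring Boot,
// which auto-configures WebFlux and still applies WebFluxConfigurer beans.
@Configuration
@EnableWebFlux
public class ApiCorsConfig implements WebFluxConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Weak: a bare mapping keeps the documented defaults (all origins,
        // all request headers, GET/HEAD/POST), so scripts on any site can
        // read these responses. Suitable only for unauthenticated data.
        registry.addMapping("/public/**");

        // Hardened: endpoints that rely on cookies get an explicit allow-list.
        registry.addMapping("/api/**")
                // Exact origins (scheme, host, port); placeholder values.
                .allowedOrigins("https://app.example.com",
                                "https://admin.example.com")
                // Only the methods these endpoints actually serve.
                .allowedMethods("GET", "POST", "DELETE")
                // Only the request headers the client is expected to send
                // (assumed names for this example).
                .allowedHeaders("Content-Type", "X-XSRF-TOKEN")
                // Non-simple response headers that browser scripts may read.
                .exposedHeaders("Location", "ETag")
                // Cookies travel cross-origin for the origins listed above,
                // so that list is the trust boundary for user sessions.
                .allowCredentials(true)
                // Shorter than the 1800 s default so a tightened policy
                // reaches browsers sooner.
                .maxAge(600);
    }
}
```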