Java Code Examples for io.vertx.core.http.HttpMethod#OPTIONS

The following examples show how to use io.vertx.core.http.HttpMethod#OPTIONS . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SocialAuthHandlerImpl.java    From graviteeio-access-management with Apache License 2.0 6 votes vote down vote up
private boolean handlePreflight(RoutingContext ctx) {
    final HttpServerRequest request = ctx.request();
    // See: https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0
    // Preflight requests should not be subject to security due to the reason UAs will remove the Authorization header
    if (request.method() == HttpMethod.OPTIONS) {
        // check if there is a access control request header
        final String accessControlRequestHeader = ctx.request().getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
        if (accessControlRequestHeader != null) {
            // lookup for the Authorization header
            for (String ctrlReq : accessControlRequestHeader.split(",")) {
                if (ctrlReq.equalsIgnoreCase("Authorization")) {
                    // this request has auth in access control, so we can allow preflighs without authentication
                    ctx.next();
                    return true;
                }
            }
        }
    }

    return false;
}
 
Example 2
Source File: AuthHandlerImpl.java    From vertx-web with Apache License 2.0 6 votes vote down vote up
private boolean handlePreflight(RoutingContext ctx) {
  final HttpServerRequest request = ctx.request();
  // See: https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0
  // Preflight requests should not be subject to security due to the reason UAs will remove the Authorization header
  if (request.method() == HttpMethod.OPTIONS) {
    // check if there is a access control request header
    final String accessControlRequestHeader = ctx.request().getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
    if (accessControlRequestHeader != null) {
      // lookup for the Authorization header
      for (String ctrlReq : accessControlRequestHeader.split(",")) {
        if (ctrlReq.equalsIgnoreCase("Authorization")) {
          // this request has auth in access control, so we can allow preflighs without authentication
          ctx.next();
          return true;
        }
      }
    }
  }

  return false;
}
 
Example 3
Source File: AuthenticationHandlerImpl.java    From vertx-web with Apache License 2.0 6 votes vote down vote up
private boolean handlePreflight(RoutingContext ctx) {
  final HttpServerRequest request = ctx.request();
  // See: https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0
  // Preflight requests should not be subject to security due to the reason UAs will remove the Authorization header
  if (request.method() == HttpMethod.OPTIONS) {
    // check if there is a access control request header
    final String accessControlRequestHeader = ctx.request().getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
    if (accessControlRequestHeader != null) {
      // lookup for the Authorization header
      for (String ctrlReq : accessControlRequestHeader.split(",")) {
        if (ctrlReq.equalsIgnoreCase("Authorization")) {
          // this request has auth in access control, so we can allow preflighs without authentication
          ctx.next();
          return true;
        }
      }
    }
  }

  return false;
}
 
Example 4
Source File: CorsHandlerImpl.java    From vertx-web with Apache License 2.0 5 votes vote down vote up
@Override
public void handle(RoutingContext context) {
  HttpServerRequest request = context.request();
  HttpServerResponse response = context.response();
  String origin = context.request().headers().get(ORIGIN);
  if (origin == null) {
    // Not a CORS request - we don't set any headers and just call the next handler
    context.next();
  } else if (isValidOrigin(origin)) {
    String accessControlRequestMethod = request.headers().get(ACCESS_CONTROL_REQUEST_METHOD);
    if (request.method() == HttpMethod.OPTIONS && accessControlRequestMethod != null) {
      // Pre-flight request
      addCredentialsAndOriginHeader(response, origin);
      if (allowedMethodsString != null) {
        response.putHeader(ACCESS_CONTROL_ALLOW_METHODS, allowedMethodsString);
      }
      if (allowedHeadersString != null) {
        response.putHeader(ACCESS_CONTROL_ALLOW_HEADERS, allowedHeadersString);
      }
      if (maxAgeSeconds != null) {
        response.putHeader(ACCESS_CONTROL_MAX_AGE, maxAgeSeconds);
      }
      // according to MDC although the is no body the response should be OK
      response.setStatusCode(200).end();
    } else {
      addCredentialsAndOriginHeader(response, origin);
      if (exposedHeadersString != null) {
        response.putHeader(ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeadersString);
      }
      context.put(CORS_HANDLED_FLAG, true);
      context.next();
    }
  } else {
    context
      .response()
      .setStatusMessage("CORS Rejected - Invalid origin");
    context
      .fail(403);
  }
}
 
Example 5
Source File: RouteBuilder.java    From vxms with Apache License 2.0 4 votes vote down vote up
public static RouteBuilder options(String path, RestHandlerConsumer methodReference, String... consumes) {
    return new RouteBuilder(
            new MethodDescriptor(HttpMethod.OPTIONS, path, methodReference, consumes, null));
}