Java Code Examples for org.springframework.http.HttpHeaders#setAccessControlAllowOrigin()

The following examples show how to use org.springframework.http.HttpHeaders#setAccessControlAllowOrigin() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DefaultCorsProcessor.java    From spring-analysis-note with MIT License 4 votes vote down vote up
/**
 * Handle the given request.
 */
protected boolean handleInternal(ServerHttpRequest request, ServerHttpResponse response,
		CorsConfiguration config, boolean preFlightRequest) throws IOException {

	String requestOrigin = request.getHeaders().getOrigin();
	String allowOrigin = checkOrigin(config, requestOrigin);
	HttpHeaders responseHeaders = response.getHeaders();

	if (allowOrigin == null) {
		logger.debug("Reject: '" + requestOrigin + "' origin is not allowed");
		rejectRequest(response);
		return false;
	}

	HttpMethod requestMethod = getMethodToUse(request, preFlightRequest);
	List<HttpMethod> allowMethods = checkMethods(config, requestMethod);
	if (allowMethods == null) {
		logger.debug("Reject: HTTP '" + requestMethod + "' is not allowed");
		rejectRequest(response);
		return false;
	}

	List<String> requestHeaders = getHeadersToUse(request, preFlightRequest);
	List<String> allowHeaders = checkHeaders(config, requestHeaders);
	if (preFlightRequest && allowHeaders == null) {
		logger.debug("Reject: headers '" + requestHeaders + "' are not allowed");
		rejectRequest(response);
		return false;
	}

	responseHeaders.setAccessControlAllowOrigin(allowOrigin);

	if (preFlightRequest) {
		responseHeaders.setAccessControlAllowMethods(allowMethods);
	}

	if (preFlightRequest && !allowHeaders.isEmpty()) {
		responseHeaders.setAccessControlAllowHeaders(allowHeaders);
	}

	if (!CollectionUtils.isEmpty(config.getExposedHeaders())) {
		responseHeaders.setAccessControlExposeHeaders(config.getExposedHeaders());
	}

	if (Boolean.TRUE.equals(config.getAllowCredentials())) {
		responseHeaders.setAccessControlAllowCredentials(true);
	}

	if (preFlightRequest && config.getMaxAge() != null) {
		responseHeaders.setAccessControlMaxAge(config.getMaxAge());
	}

	response.flush();
	return true;
}
 
Example 2
Source File: DefaultCorsProcessor.java    From spring-analysis-note with MIT License 4 votes vote down vote up
/**
 * Handle the given request.
 */
protected boolean handleInternal(ServerWebExchange exchange,
		CorsConfiguration config, boolean preFlightRequest) {

	ServerHttpRequest request = exchange.getRequest();
	ServerHttpResponse response = exchange.getResponse();
	HttpHeaders responseHeaders = response.getHeaders();

	String requestOrigin = request.getHeaders().getOrigin();
	String allowOrigin = checkOrigin(config, requestOrigin);
	if (allowOrigin == null) {
		logger.debug("Reject: '" + requestOrigin + "' origin is not allowed");
		rejectRequest(response);
		return false;
	}

	HttpMethod requestMethod = getMethodToUse(request, preFlightRequest);
	List<HttpMethod> allowMethods = checkMethods(config, requestMethod);
	if (allowMethods == null) {
		logger.debug("Reject: HTTP '" + requestMethod + "' is not allowed");
		rejectRequest(response);
		return false;
	}

	List<String> requestHeaders = getHeadersToUse(request, preFlightRequest);
	List<String> allowHeaders = checkHeaders(config, requestHeaders);
	if (preFlightRequest && allowHeaders == null) {
		logger.debug("Reject: headers '" + requestHeaders + "' are not allowed");
		rejectRequest(response);
		return false;
	}

	responseHeaders.setAccessControlAllowOrigin(allowOrigin);

	if (preFlightRequest) {
		responseHeaders.setAccessControlAllowMethods(allowMethods);
	}

	if (preFlightRequest && !allowHeaders.isEmpty()) {
		responseHeaders.setAccessControlAllowHeaders(allowHeaders);
	}

	if (!CollectionUtils.isEmpty(config.getExposedHeaders())) {
		responseHeaders.setAccessControlExposeHeaders(config.getExposedHeaders());
	}

	if (Boolean.TRUE.equals(config.getAllowCredentials())) {
		responseHeaders.setAccessControlAllowCredentials(true);
	}

	if (preFlightRequest && config.getMaxAge() != null) {
		responseHeaders.setAccessControlMaxAge(config.getMaxAge());
	}

	return true;
}
 
Example 3
Source File: DefaultCorsProcessor.java    From java-technology-stack with MIT License 4 votes vote down vote up
/**
 * Handle the given request.
 */
protected boolean handleInternal(ServerHttpRequest request, ServerHttpResponse response,
		CorsConfiguration config, boolean preFlightRequest) throws IOException {

	String requestOrigin = request.getHeaders().getOrigin();
	String allowOrigin = checkOrigin(config, requestOrigin);
	HttpHeaders responseHeaders = response.getHeaders();

	responseHeaders.addAll(HttpHeaders.VARY, Arrays.asList(HttpHeaders.ORIGIN,
			HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS));

	if (allowOrigin == null) {
		logger.debug("Reject: '" + requestOrigin + "' origin is not allowed");
		rejectRequest(response);
		return false;
	}

	HttpMethod requestMethod = getMethodToUse(request, preFlightRequest);
	List<HttpMethod> allowMethods = checkMethods(config, requestMethod);
	if (allowMethods == null) {
		logger.debug("Reject: HTTP '" + requestMethod + "' is not allowed");
		rejectRequest(response);
		return false;
	}

	List<String> requestHeaders = getHeadersToUse(request, preFlightRequest);
	List<String> allowHeaders = checkHeaders(config, requestHeaders);
	if (preFlightRequest && allowHeaders == null) {
		logger.debug("Reject: headers '" + requestHeaders + "' are not allowed");
		rejectRequest(response);
		return false;
	}

	responseHeaders.setAccessControlAllowOrigin(allowOrigin);

	if (preFlightRequest) {
		responseHeaders.setAccessControlAllowMethods(allowMethods);
	}

	if (preFlightRequest && !allowHeaders.isEmpty()) {
		responseHeaders.setAccessControlAllowHeaders(allowHeaders);
	}

	if (!CollectionUtils.isEmpty(config.getExposedHeaders())) {
		responseHeaders.setAccessControlExposeHeaders(config.getExposedHeaders());
	}

	if (Boolean.TRUE.equals(config.getAllowCredentials())) {
		responseHeaders.setAccessControlAllowCredentials(true);
	}

	if (preFlightRequest && config.getMaxAge() != null) {
		responseHeaders.setAccessControlMaxAge(config.getMaxAge());
	}

	response.flush();
	return true;
}
 
Example 4
Source File: DefaultCorsProcessor.java    From java-technology-stack with MIT License 4 votes vote down vote up
/**
 * Handle the given request.
 */
protected boolean handleInternal(ServerWebExchange exchange,
		CorsConfiguration config, boolean preFlightRequest) {

	ServerHttpRequest request = exchange.getRequest();
	ServerHttpResponse response = exchange.getResponse();
	HttpHeaders responseHeaders = response.getHeaders();

	response.getHeaders().addAll(HttpHeaders.VARY, Arrays.asList(HttpHeaders.ORIGIN,
			HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS));

	String requestOrigin = request.getHeaders().getOrigin();
	String allowOrigin = checkOrigin(config, requestOrigin);
	if (allowOrigin == null) {
		logger.debug("Reject: '" + requestOrigin + "' origin is not allowed");
		rejectRequest(response);
		return false;
	}

	HttpMethod requestMethod = getMethodToUse(request, preFlightRequest);
	List<HttpMethod> allowMethods = checkMethods(config, requestMethod);
	if (allowMethods == null) {
		logger.debug("Reject: HTTP '" + requestMethod + "' is not allowed");
		rejectRequest(response);
		return false;
	}

	List<String> requestHeaders = getHeadersToUse(request, preFlightRequest);
	List<String> allowHeaders = checkHeaders(config, requestHeaders);
	if (preFlightRequest && allowHeaders == null) {
		logger.debug("Reject: headers '" + requestHeaders + "' are not allowed");
		rejectRequest(response);
		return false;
	}

	responseHeaders.setAccessControlAllowOrigin(allowOrigin);

	if (preFlightRequest) {
		responseHeaders.setAccessControlAllowMethods(allowMethods);
	}

	if (preFlightRequest && !allowHeaders.isEmpty()) {
		responseHeaders.setAccessControlAllowHeaders(allowHeaders);
	}

	if (!CollectionUtils.isEmpty(config.getExposedHeaders())) {
		responseHeaders.setAccessControlExposeHeaders(config.getExposedHeaders());
	}

	if (Boolean.TRUE.equals(config.getAllowCredentials())) {
		responseHeaders.setAccessControlAllowCredentials(true);
	}

	if (preFlightRequest && config.getMaxAge() != null) {
		responseHeaders.setAccessControlMaxAge(config.getMaxAge());
	}

	return true;
}
 
Example 5
Source File: DefaultCorsProcessor.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Handle the given request.
 */
protected boolean handleInternal(ServerHttpRequest request, ServerHttpResponse response,
		CorsConfiguration config, boolean preFlightRequest) throws IOException {

	String requestOrigin = request.getHeaders().getOrigin();
	String allowOrigin = checkOrigin(config, requestOrigin);

	HttpMethod requestMethod = getMethodToUse(request, preFlightRequest);
	List<HttpMethod> allowMethods = checkMethods(config, requestMethod);

	List<String> requestHeaders = getHeadersToUse(request, preFlightRequest);
	List<String> allowHeaders = checkHeaders(config, requestHeaders);

	if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) {
		rejectRequest(response);
		return false;
	}

	HttpHeaders responseHeaders = response.getHeaders();
	responseHeaders.setAccessControlAllowOrigin(allowOrigin);
	responseHeaders.add(HttpHeaders.VARY, HttpHeaders.ORIGIN);

	if (preFlightRequest) {
		responseHeaders.setAccessControlAllowMethods(allowMethods);
	}

	if (preFlightRequest && !allowHeaders.isEmpty()) {
		responseHeaders.setAccessControlAllowHeaders(allowHeaders);
	}

	if (!CollectionUtils.isEmpty(config.getExposedHeaders())) {
		responseHeaders.setAccessControlExposeHeaders(config.getExposedHeaders());
	}

	if (Boolean.TRUE.equals(config.getAllowCredentials())) {
		responseHeaders.setAccessControlAllowCredentials(true);
	}

	if (preFlightRequest && config.getMaxAge() != null) {
		responseHeaders.setAccessControlMaxAge(config.getMaxAge());
	}

	response.flush();
	return true;
}
 
Example 6
Source File: HystrixFallbackConfiguration.java    From spring-microservices with MIT License 4 votes vote down vote up
@Bean
public ZuulFallbackProvider zuulFallbackProvider() {
    return new ZuulFallbackProvider() {

        @Override
        public String getRoute() {
            return "article-service";
        }

        @Override
        public ClientHttpResponse fallbackResponse() {
            return new ClientHttpResponse() {
                @Override
                public HttpStatus getStatusCode() throws IOException {
                    return HttpStatus.OK;
                }

                @Override
                public int getRawStatusCode() throws IOException {
                    return HttpStatus.OK.value();
                }

                @Override
                public String getStatusText() throws IOException {
                    return HttpStatus.OK.toString();
                }

                @Override
                public void close() {
                }

                @Override
                public InputStream getBody() throws IOException {
                    return new ByteArrayInputStream("{\"factorA\":\"Sorry, Service is Down!\",\"factorB\":\"?\",\"id\":null}".getBytes());
                }

                @Override
                public HttpHeaders getHeaders() {
                    HttpHeaders headers = new HttpHeaders();
                    headers.setContentType(MediaType.APPLICATION_JSON);
                    headers.setAccessControlAllowCredentials(true);
                    headers.setAccessControlAllowOrigin("*");
                    return headers;
                }
            };
        }
    };
}
 
Example 7
Source File: DefaultCorsProcessor.java    From spring4-understanding with Apache License 2.0 4 votes vote down vote up
/**
 * Handle the given request.
 */
protected boolean handleInternal(ServerHttpRequest request, ServerHttpResponse response,
		CorsConfiguration config, boolean preFlightRequest) throws IOException {

	String requestOrigin = request.getHeaders().getOrigin();
	String allowOrigin = checkOrigin(config, requestOrigin);

	HttpMethod requestMethod = getMethodToUse(request, preFlightRequest);
	List<HttpMethod> allowMethods = checkMethods(config, requestMethod);

	List<String> requestHeaders = getHeadersToUse(request, preFlightRequest);
	List<String> allowHeaders = checkHeaders(config, requestHeaders);

	if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) {
		rejectRequest(response);
		return false;
	}

	HttpHeaders responseHeaders = response.getHeaders();
	responseHeaders.setAccessControlAllowOrigin(allowOrigin);
	responseHeaders.add(HttpHeaders.VARY, HttpHeaders.ORIGIN);

	if (preFlightRequest) {
		responseHeaders.setAccessControlAllowMethods(allowMethods);
	}

	if (preFlightRequest && !allowHeaders.isEmpty()) {
		responseHeaders.setAccessControlAllowHeaders(allowHeaders);
	}

	if (!CollectionUtils.isEmpty(config.getExposedHeaders())) {
		responseHeaders.setAccessControlExposeHeaders(config.getExposedHeaders());
	}

	if (Boolean.TRUE.equals(config.getAllowCredentials())) {
		responseHeaders.setAccessControlAllowCredentials(true);
	}

	if (preFlightRequest && config.getMaxAge() != null) {
		responseHeaders.setAccessControlMaxAge(config.getMaxAge());
	}

	response.flush();
	return true;
}