Package io.micronaut.http.server.cors

Class CorsFilter

java.lang.Object

io.micronaut.http.server.cors.CorsFilter

All Implemented Interfaces:

io.micronaut.core.order.Ordered, io.micronaut.http.filter.ConditionalFilter

@ServerFilter("/**")
public class CorsFilter
extends Object
implements io.micronaut.core.order.Ordered, io.micronaut.http.filter.ConditionalFilter

Responsible for handling CORS requests and responses.

Since:

1.0

Field Summary

Fields

Modifier and Type	Field	Description
static final int	CORS_FILTER_ORDER
protected final HttpServerConfiguration.CorsConfiguration	corsConfiguration

Fields inherited from interface io.micronaut.core.order.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor	Description
CorsFilter(HttpServerConfiguration.CorsConfiguration corsConfiguration, @Nullable HttpHostResolver httpHostResolver)	Deprecated, for removal: This API element is subject to removal in a future version. use CorsFilter(io.micronaut.http.server.HttpServerConfiguration.CorsConfiguration,@io.micronaut.core.annotation.Nullable io.micronaut.http.server.util.HttpHostResolver,io.micronaut.web.router.Router) instead.
CorsFilter(HttpServerConfiguration.CorsConfiguration corsConfiguration, @Nullable HttpHostResolver httpHostResolver, io.micronaut.web.router.Router router)

Method Summary

Modifier and Type	Method	Description
final @Nullable io.micronaut.http.HttpResponse<?>	filterPreFlightRequest(io.micronaut.http.HttpRequest<?> request)
final @Nullable io.micronaut.http.HttpResponse<?>	filterRequest(io.micronaut.http.HttpRequest<?> request)
final void	filterResponse(io.micronaut.http.HttpRequest<?> request, io.micronaut.http.MutableHttpResponse<?> response)
int	getOrder()
boolean	isEnabled(io.micronaut.http.HttpRequest<?> request)
protected void	setAllowCredentials(CorsOriginConfiguration config, io.micronaut.http.MutableHttpResponse<?> response)
protected void	setAllowHeaders(List<?> optionalAllowHeaders, io.micronaut.http.MutableHttpResponse<?> response)
protected void	setAllowMethods(io.micronaut.http.HttpMethod method, io.micronaut.http.MutableHttpResponse<?> response)
protected void	setAllowPrivateNetwork(CorsOriginConfiguration config, io.micronaut.http.MutableHttpResponse<?> response)	Sets the HTTP Header "Access-Control-Allow-Private-Network" in the response to true, if the CorsOriginConfiguration.isAllowPrivateNetwork() is true.
protected void	setExposeHeaders(List<String> exposedHeaders, io.micronaut.http.MutableHttpResponse<?> response)
protected void	setMaxAge(long maxAge, io.micronaut.http.MutableHttpResponse<?> response)
protected void	setOrigin(@Nullable String origin, @NonNull io.micronaut.http.MutableHttpResponse<?> response)
protected void	setVary(io.micronaut.http.MutableHttpResponse<?> response)
protected boolean	shouldDenyToPreventDriveByLocalhostAttack(@NonNull CorsOriginConfiguration corsOriginConfiguration, @NonNull io.micronaut.http.HttpRequest<?> request)
protected boolean	shouldDenyToPreventDriveByLocalhostAttack(@NonNull String origin, @NonNull io.micronaut.http.HttpRequest<?> request)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

CORS_FILTER_ORDER

public static final int CORS_FILTER_ORDER

corsConfiguration

protected final HttpServerConfiguration.CorsConfiguration corsConfiguration

Constructor Details

CorsFilter

@Deprecated(since="4.7",
            forRemoval=true)
public CorsFilter(HttpServerConfiguration.CorsConfiguration corsConfiguration,
 @Nullable
 @Nullable HttpHostResolver httpHostResolver)

Deprecated, for removal: This API element is subject to removal in a future version.

use CorsFilter(io.micronaut.http.server.HttpServerConfiguration.CorsConfiguration,@io.micronaut.core.annotation.Nullable io.micronaut.http.server.util.HttpHostResolver,io.micronaut.web.router.Router) instead.

Parameters:

corsConfiguration - The CorsOriginConfiguration instance

httpHostResolver - HTTP Host resolver

CorsFilter

@Inject
public CorsFilter(HttpServerConfiguration.CorsConfiguration corsConfiguration,
 @Nullable
 @Nullable HttpHostResolver httpHostResolver,
 io.micronaut.web.router.Router router)

Parameters:

corsConfiguration - The CorsOriginConfiguration instance

httpHostResolver - HTTP Host resolver

Method Details

isEnabled

public boolean isEnabled(io.micronaut.http.HttpRequest<?> request)

Specified by:

isEnabled in interface io.micronaut.http.filter.ConditionalFilter

filterPreFlightRequest

@PreMatching
@RequestFilter
@Nullable
@Internal
public final @Nullable io.micronaut.http.HttpResponse<?> filterPreFlightRequest(io.micronaut.http.HttpRequest<?> request)

filterRequest

@RequestFilter
@Nullable
@Internal
public final @Nullable io.micronaut.http.HttpResponse<?> filterRequest(io.micronaut.http.HttpRequest<?> request)

filterResponse

@ResponseFilter
@Internal
public final void filterResponse(io.micronaut.http.HttpRequest<?> request,
 io.micronaut.http.MutableHttpResponse<?> response)

shouldDenyToPreventDriveByLocalhostAttack

protected boolean shouldDenyToPreventDriveByLocalhostAttack(@NonNull
 @NonNull CorsOriginConfiguration corsOriginConfiguration,
 @NonNull
 @NonNull io.micronaut.http.HttpRequest<?> request)

Parameters:

corsOriginConfiguration - CORS Origin configuration for request's HTTP Header origin.

request - HTTP Request

Returns:

true if the resolved host is localhost or 127.0.0.1 address and the CORS configuration has any for allowed origins.

shouldDenyToPreventDriveByLocalhostAttack

protected boolean shouldDenyToPreventDriveByLocalhostAttack(@NonNull
 @NonNull String origin,
 @NonNull
 @NonNull io.micronaut.http.HttpRequest<?> request)

Parameters:

origin - HTTP Header HttpHeaders.ORIGIN value.

request - HTTP Request

Returns:

true if the resolved host is localhost or 127.0.0.1 and origin is not one of these then deny it.

getOrder

public int getOrder()

Specified by:

getOrder in interface io.micronaut.core.order.Ordered

setAllowCredentials

protected void setAllowCredentials(CorsOriginConfiguration config,
 io.micronaut.http.MutableHttpResponse<?> response)

Parameters:

config - The CorsOriginConfiguration instance

response - The MutableHttpResponse object

setAllowPrivateNetwork

protected void setAllowPrivateNetwork(CorsOriginConfiguration config,
 io.micronaut.http.MutableHttpResponse<?> response)

Sets the HTTP Header "Access-Control-Allow-Private-Network" in the response to true, if the CorsOriginConfiguration.isAllowPrivateNetwork() is true.

Parameters:

config - The CorsOriginConfiguration instance

response - The MutableHttpResponse object

setExposeHeaders

protected void setExposeHeaders(List<String> exposedHeaders,
 io.micronaut.http.MutableHttpResponse<?> response)

Parameters:

exposedHeaders - A list of the exposed headers

response - The MutableHttpResponse object

setVary

protected void setVary(io.micronaut.http.MutableHttpResponse<?> response)

Parameters:

response - The MutableHttpResponse object

setOrigin

protected void setOrigin(@Nullable
 @Nullable String origin,
 @NonNull
 @NonNull io.micronaut.http.MutableHttpResponse<?> response)

Parameters:

origin - The origin

response - The MutableHttpResponse object

setAllowMethods

protected void setAllowMethods(io.micronaut.http.HttpMethod method,
 io.micronaut.http.MutableHttpResponse<?> response)

Parameters:

method - The HttpMethod object

response - The MutableHttpResponse object

setAllowHeaders

protected void setAllowHeaders(List<?> optionalAllowHeaders,
 io.micronaut.http.MutableHttpResponse<?> response)

Parameters:

optionalAllowHeaders - A list with optional allow headers

response - The MutableHttpResponse object

setMaxAge

protected void setMaxAge(long maxAge,
 io.micronaut.http.MutableHttpResponse<?> response)

Parameters:

maxAge - The max age

response - The MutableHttpResponse object