
@mhagnumdw
Created September 27, 2018 15:52
CorsHandlerV2 for Pippo (prefer CorsHandler)
package br.gov.ce.fortaleza.sefin.jarvis.filter;
import org.apache.commons.lang3.StringUtils;
import ro.pippo.core.route.RouteContext;
import ro.pippo.core.route.RouteHandler;
/**
* Define how CORS requests are handled.
*
* <p>The Cross-Origin Resource Sharing standard works by adding new HTTP headers
* that allow servers to describe the set of origins that are permitted to read
* that information using a web browser.</p>
*
* <p>For more details see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS</p>
*
* <p>Based on: https://github.com/pac4j/pac4j/blob/3806174df54b939ed2785ee493f63b9851fcd03e/pac4j-core/src/main/java/org/pac4j/core/authorization/authorizer/CorsAuthorizer.java</p>
*/
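public class CorsHandlerV2 implements RouteHandler<RouteContext> {

    // TODO: a pull request was submitted to Pippo to provide these header names as
    // constants on ro.pippo.core.HttpConstants.Header (ACCESS_CONTROL_ALLOW_ORIGIN,
    // ACCESS_CONTROL_EXPOSE_HEADERS, ACCESS_CONTROL_MAX_AGE,
    // ACCESS_CONTROL_ALLOW_CREDENTIALS, ACCESS_CONTROL_ALLOW_METHODS,
    // ACCESS_CONTROL_ALLOW_HEADERS). Replace the local constants below when possible.
    // See: https://github.com/pippo-java/pippo/pull/452
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
    private static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";

    /** Origin value that matches any origin; it cannot be combined with credentials. */
    private static final String WILDCARD_ORIGIN = "*";

    /** Sentinel meaning "do not send Access-Control-Max-Age". */
    private static final int MAX_AGE_UNSET = -1;

    private final String allowOrigin;
    private String exposeHeaders;
    private int maxAge = MAX_AGE_UNSET;
    private Boolean allowCredentials;
    private String allowMethods;
    private String allowHeaders;

    /**
     * Creates a handler that answers every request with a fixed
     * {@code Access-Control-Allow-Origin} value.
     *
     * <p>The value is sent verbatim and is not compared with the request's
     * {@code Origin} header. The header accepts a single origin or {@code *}, not a
     * list, so configure the narrowest origin that the client application needs.</p>
     *
     * @param allowOrigin the value for {@code Access-Control-Allow-Origin}; must not be blank
     * @throws IllegalArgumentException if {@code allowOrigin} is blank
     */
    public CorsHandlerV2(String allowOrigin) {
        if (StringUtils.isBlank(allowOrigin)) {
            // IllegalArgumentException is a RuntimeException, so existing callers that
            // catch RuntimeException keep working.
            throw new IllegalArgumentException("allowOrigin cannot be blank");
        }
        this.allowOrigin = allowOrigin;
    }

    /**
     * Adds the configured CORS headers to the response and then either ends the
     * request (for {@code OPTIONS}) or passes it to the next handler.
     *
     * <p>Every {@code OPTIONS} request is answered here and never reaches later
     * handlers, whether or not it is a CORS preflight.</p>
     *
     * @param context the current route context
     */
    @Override
    public void handle(RouteContext context) {
        context.getResponse().header(ACCESS_CONTROL_ALLOW_ORIGIN, allowOrigin);

        setHeaderIfNotBlank(context, ACCESS_CONTROL_EXPOSE_HEADERS, exposeHeaders);

        if (maxAge != MAX_AGE_UNSET) {
            context.getResponse().header(ACCESS_CONTROL_MAX_AGE, String.valueOf(maxAge));
        }

        // Only the literal value "true" is meaningful for this header:
        // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials#Directives
        // Browsers reject a credentialed response whose allowed origin is the wildcard,
        // so the header is not sent in that case instead of advertising a combination
        // that cannot work. Credentials require an explicit origin.
        if (Boolean.TRUE.equals(allowCredentials) && !WILDCARD_ORIGIN.equals(allowOrigin.trim())) {
            context.getResponse().header(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        }

        // Blank values are skipped, as for the expose-headers value, so that no empty
        // header is sent.
        setHeaderIfNotBlank(context, ACCESS_CONTROL_ALLOW_METHODS, allowMethods);
        setHeaderIfNotBlank(context, ACCESS_CONTROL_ALLOW_HEADERS, allowHeaders);

        // Constant-first comparison avoids a NullPointerException on a null method.
        if ("OPTIONS".equals(context.getRequestMethod())) {
            // NOTE(review): accepted() is expected to set a 2xx status, which is what a
            // preflight needs - confirm against Pippo's Response.
            context.getResponse().accepted();
            return;
        }

        context.next();
    }

    /** Sets a response header only when the configured value has visible content. */
    private static void setHeaderIfNotBlank(RouteContext context, String name, String value) {
        if (StringUtils.isNotBlank(value)) {
            context.getResponse().header(name, value);
        }
    }

    /**
     * Sets the response headers that browser scripts are allowed to read.
     *
     * @param exposeHeaders the value for {@code Access-Control-Expose-Headers};
     *        blank or {@code null} omits the header
     */
    public void setExposeHeaders(String exposeHeaders) {
        this.exposeHeaders = exposeHeaders;
    }

    /**
     * Sets how long, in seconds, a browser may cache the preflight result.
     *
     * @param maxAge the value for {@code Access-Control-Max-Age}; {@code -1} omits the header
     */
    public void setMaxAge(int maxAge) {
        this.maxAge = maxAge;
    }

    /**
     * Sets whether responses may be read by requests made with credentials.
     *
     * <p>The header is sent only when this is {@code true} and the allowed origin is
     * an explicit origin. With a {@code *} origin the header is omitted, because
     * browsers refuse that combination.</p>
     *
     * @param allowCredentials {@code true} to send {@code Access-Control-Allow-Credentials: true};
     *        {@code false} or {@code null} omits the header
     */
    public void setAllowCredentials(Boolean allowCredentials) {
        this.allowCredentials = allowCredentials;
    }

    /**
     * Sets the HTTP methods permitted for cross-origin requests.
     *
     * @param allowMethods the value for {@code Access-Control-Allow-Methods};
     *        blank or {@code null} omits the header
     */
    public void setAllowMethods(String allowMethods) {
        this.allowMethods = allowMethods;
    }

    /**
     * Sets the request headers permitted for cross-origin requests.
     *
     * @param allowHeaders the value for {@code Access-Control-Allow-Headers};
     *        blank or {@code null} omits the header
     */
    public void setAllowHeaders(String allowHeaders) {
        this.allowHeaders = allowHeaders;
    }
}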