Created
September 27, 2018 15:52
CorsHandlerV2 for Pippo (prefer CorsHandler)
package br.gov.ce.fortaleza.sefin.jarvis.filter; | |
import org.apache.commons.lang3.StringUtils; | |
import ro.pippo.core.route.RouteContext; | |
import ro.pippo.core.route.RouteHandler; | |
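/**
 * Route handler that adds a fixed set of CORS response headers to every request it sees.
 *
 * <p>The Cross-Origin Resource Sharing standard works by adding HTTP headers that let a
 * server describe which origins are permitted to read a response from a web browser.</p>
 *
 * <p>Security notes for whoever configures this handler:</p>
 * <ul>
 *   <li>The configured {@code allowOrigin} is written to the response verbatim; the handler
 *       never inspects the request's {@code Origin} header. CORS is enforced by the browser,
 *       so this handler is not a server-side access control and does not replace
 *       authentication or authorization on the routes behind it.</li>
 *   <li>Browsers reject credentialed responses whose {@code Access-Control-Allow-Origin} is
 *       the wildcard {@code *}; configure one explicit origin when enabling credentials.</li>
 *   <li>Any request whose method is {@code OPTIONS} is answered here and is not passed on
 *       to later routes.</li>
 * </ul>
 *
 * <p>For more details see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS</p>
 *
 * <p>Based on: https://github.com/pac4j/pac4j/blob/3806174df54b939ed2785ee493f63b9851fcd03e/pac4j-core/src/main/java/org/pac4j/core/authorization/authorizer/CorsAuthorizer.java</p>
 */
public class CorsHandlerV2 implements RouteHandler<RouteContext> {

    // TODO: a pull request to Pippo proposes constants for the header names below
    // (see https://github.com/pippo-java/pippo/pull/452). Replace these local constants
    // with ro.pippo.core.HttpConstants.Header.ACCESS_CONTROL_ALLOW_ORIGIN,
    // ACCESS_CONTROL_EXPOSE_HEADERS, ACCESS_CONTROL_MAX_AGE,
    // ACCESS_CONTROL_ALLOW_CREDENTIALS, ACCESS_CONTROL_ALLOW_METHODS and
    // ACCESS_CONTROL_ALLOW_HEADERS once they are available.
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
    private static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";

    /** Sentinel meaning "do not send Access-Control-Max-Age". */
    private static final int MAX_AGE_UNSET = -1;

    private final String allowOrigin;
    private String exposeHeaders;
    private int maxAge = MAX_AGE_UNSET;
    private Boolean allowCredentials;
    private String allowMethods;
    private String allowHeaders;

    /**
     * Creates a handler that always answers with the given allowed origin.
     *
     * @param allowOrigin value for {@code Access-Control-Allow-Origin}; must not be blank
     * @throws IllegalArgumentException if {@code allowOrigin} is null, empty or whitespace
     */
    public CorsHandlerV2(String allowOrigin) {
        if (StringUtils.isBlank(allowOrigin)) {
            // IllegalArgumentException is still a RuntimeException, so existing callers
            // that catch RuntimeException keep working.
            throw new IllegalArgumentException("allowOrigin cannot be blank");
        }
        this.allowOrigin = allowOrigin;
    }

    /**
     * Writes the configured CORS headers, then either answers an {@code OPTIONS} request
     * directly or hands the request to the next handler in the chain.
     *
     * @param context the current route context
     */
    @Override
    public void handle(RouteContext context) {
        context.getResponse().header(ACCESS_CONTROL_ALLOW_ORIGIN, allowOrigin);

        if (StringUtils.isNotBlank(exposeHeaders)) {
            context.getResponse().header(ACCESS_CONTROL_EXPOSE_HEADERS, exposeHeaders);
        }

        if (maxAge != MAX_AGE_UNSET) {
            context.getResponse().header(ACCESS_CONTROL_MAX_AGE, String.valueOf(maxAge));
        }

        // Only "true" is a meaningful value for this header, so nothing is sent otherwise.
        // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials#Directives
        if (Boolean.TRUE.equals(allowCredentials)) {
            context.getResponse().header(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        }

        // Blank values are skipped, consistent with exposeHeaders, so that an empty
        // setting never produces an empty header.
        if (StringUtils.isNotBlank(allowMethods)) {
            context.getResponse().header(ACCESS_CONTROL_ALLOW_METHODS, allowMethods);
        }

        if (StringUtils.isNotBlank(allowHeaders)) {
            context.getResponse().header(ACCESS_CONTROL_ALLOW_HEADERS, allowHeaders);
        }

        // Constant-first comparison avoids a NullPointerException if the method is null.
        // The chain stops here for OPTIONS, so later routes never see these requests.
        if ("OPTIONS".equals(context.getRequestMethod())) {
            context.getResponse().accepted();
            return;
        }

        context.next();
    }

    /**
     * Sets the value sent as {@code Access-Control-Expose-Headers}.
     *
     * @param exposeHeaders header value; blank or null disables the header
     */
    public void setExposeHeaders(String exposeHeaders) {
        this.exposeHeaders = exposeHeaders;
    }

    /**
     * Sets the value sent as {@code Access-Control-Max-Age}.
     *
     * @param maxAge value to send; {@code -1} (the default) disables the header
     */
    public void setMaxAge(int maxAge) {
        this.maxAge = maxAge;
    }

    /**
     * Enables or disables {@code Access-Control-Allow-Credentials: true}.
     *
     * <p>Browsers refuse credentialed cross-origin responses when the allowed origin is the
     * wildcard {@code *}, so enable this only together with one explicit, trusted origin.</p>
     *
     * @param allowCredentials {@code true} to send the header; {@code false} or null omits it
     */
    public void setAllowCredentials(Boolean allowCredentials) {
        this.allowCredentials = allowCredentials;
    }

    /**
     * Sets the value sent as {@code Access-Control-Allow-Methods}.
     *
     * @param allowMethods header value; blank or null disables the header
     */
    public void setAllowMethods(String allowMethods) {
        this.allowMethods = allowMethods;
    }

    /**
     * Sets the value sent as {@code Access-Control-Allow-Headers}.
     *
     * @param allowHeaders header value; blank or null disables the header
     */
    public void setAllowHeaders(String allowHeaders) {
        this.allowHeaders = allowHeaders;
    }
}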