public class CorsConfiguration {
/**
* Wildcard representing <em>all</em> origins, methods, or headers.
*/
public static final String ALL = "*";
private static final List<HttpMethod> DEFAULT_METHODS;
static {
List<HttpMethod> rawMethods = new ArrayList<HttpMethod>(2);
rawMethods.add(HttpMethod.GET);
rawMethods.add(HttpMethod.HEAD);
DEFAULT_METHODS = Collections.unmodifiableList(rawMethods);
}
private List<String> allowedOrigins;
private List<String> allowedMethods;
private List<HttpMethod> resolvedMethods = DEFAULT_METHODS;
private List<String> allowedHeaders;
private List<String> exposedHeaders;
private Boolean allowCredentials;
private Long maxAge;
/**
* Construct a new {@code CorsConfiguration} instance with no cross-origin
* requests allowed for any origin by default.
* @see #applyPermitDefaultValues()
*/
public CorsConfiguration() {
}
/**
* Construct a new {@code CorsConfiguration} instance by copying all
* values from the supplied {@code CorsConfiguration}.
*/
public CorsConfiguration(CorsConfiguration other) {
this.allowedOrigins = other.allowedOrigins;
this.allowedMethods = other.allowedMethods;
this.resolvedMethods = other.resolvedMethods;
this.allowedHeaders = other.allowedHeaders;
this.exposedHeaders = other.exposedHeaders;
this.allowCredentials = other.allowCredentials;
this.maxAge = other.maxAge;
}
/**
Set<String> combined = new LinkedHashSet<String>(source);
return new ArrayList<String>(combined);
* Set the origins to allow, e.g. {@code "http://domain1.com"}.
* <p>The special value {@code "*"} allows all domains.
* <p>By default this is not set.
*/
public void setAllowedOrigins(List<String> allowedOrigins) {
this.allowedOrigins = (allowedOrigins != null ? new ArrayList<String>(allowedOrigins) : null);
}