Configuration

class Configuration

CORS feature configuration

Constructors

<init>

Configuration()

CORS feature configuration

Properties

allowCredentials

var allowCredentials: Boolean

Allow sending credentials

allowSameOrigin

var allowSameOrigin: Boolean

Allow requests from the same origin

exposedHeaders

val exposedHeaders: TreeSet<String>

Exposed HTTP headers that could be accessed by a client

headers

val headers: TreeSet<String>

Allowed CORS headers

hosts

val hosts: HashSet<String>

Allowed CORS hosts

maxAge

var maxAge: Duration

Max-Age for cached CORS options

methods

val methods: HashSet<HttpMethod>

Allowed HTTP methods

Functions

anyHost

fun anyHost(): Unit

Allow requests from any host

exposeHeader

fun exposeHeader(header: String): Unit

Allow to expose header

exposeXHttpMethodOverride

fun exposeXHttpMethodOverride(): Unit

Allow to expose X-Http-Method-Override header

header

fun header(header: String): Unit

Allow sending header

host

fun host(
    host: String,
    schemes: List<String> = listOf("http"),
    subDomains: List<String> = emptyList()
): Unit

Allow requests from the specified domains and schemes

method

fun method(method: HttpMethod): Unit

Please note that CORS operates ONLY with REAL HTTP methods and will never consider overridden methods via X-Http-Method-Override. However you can add them here if you are implementing CORS at client side from the scratch that you generally don’t need to do.

Companion Object Properties

CorsDefaultHeaders

val CorsDefaultHeaders: Set<String>

Default HTTP headers that are always allowed by CORS

CorsDefaultMethods

val CorsDefaultMethods: Set<HttpMethod>

Default HTTP methods that are always allowed by CORS