Configuration

class Configuration

CORS feature configuration

Constructors

<init>

Configuration()

CORS feature configuration

Properties

allowCredentials

var allowCredentials: Boolean

Allow sending credentials

allowNonSimpleContentTypes

var allowNonSimpleContentTypes: Boolean

Allow sending requests with non-simple content-types. The following content types are considered simple:

allowSameOrigin

var allowSameOrigin: Boolean

Allow requests from the same origin

exposedHeaders

val exposedHeaders: MutableSet<String>

Exposed HTTP headers that could be accessed by a client

headers

val headers: MutableSet<String>

Allowed CORS headers

hosts

val hosts: MutableSet<String>

Allowed CORS hosts

maxAge

var maxAge: Duration

Max-Age for cached CORS options

maxAgeInSeconds

var maxAgeInSeconds: Long

Duration in seconds to tell the client to keep the host in a list of known HSTS hosts.

methods

val methods: MutableSet<HttpMethod>

Allowed HTTP methods

Functions

allowXHttpMethodOverride

fun allowXHttpMethodOverride(): Unit

Allow to send X-Http-Method-Override header

anyHost

fun anyHost(): Unit

Allow requests from any host

exposeHeader

fun exposeHeader(header: String): Unit

Allow to expose header. It adds the header to Access-Control-Expose-Headers if it is not a simple response header.

exposeXHttpMethodOverride

fun exposeXHttpMethodOverride(): Unit

Allow to expose X-Http-Method-Override header

header

fun header(header: String): Unit

Allow sending header

host

fun host(
    host: String,
    schemes: List<String> = listOf("http"),
    subDomains: List<String> = emptyList()
): Unit

Allow requests from the specified domains and schemes

method

fun method(method: HttpMethod): Unit

Please note that CORS operates ONLY with REAL HTTP methods and will never consider overridden methods via X-Http-Method-Override. However you can add them here if you are implementing CORS at client side from the scratch that you generally don’t need to do.

Companion Object Properties

CorsDefaultHeaders

val CorsDefaultHeaders: Set<String>

Default HTTP headers that are always allowed by CORS

CorsDefaultMethods

val CorsDefaultMethods: Set<HttpMethod>

Default HTTP methods that are always allowed by CORS

CorsSimpleContentTypes

val CorsSimpleContentTypes: Set<ContentType>

The allowed set of content types that are allowed by CORS without preflight check

CorsSimpleRequestHeaders

val CorsSimpleRequestHeaders: Set<String>

Default HTTP headers that are always allowed by CORS (simple request headers according to https://www.w3.org/TR/cors/#simple-header ) Please note that Content-Type header simplicity depends on it’s value.

CorsSimpleResponseHeaders

val CorsSimpleResponseHeaders: Set<String>

Default HTTP headers that are always allowed by CORS to be used in response (simple request headers according to https://www.w3.org/TR/cors/#simple-header )

Extension Properties

maxAge

var Configuration.maxAge: Duration

maxAgeDuration

var Configuration.maxAgeDuration: <ERROR CLASS>

Duration to tell the client to keep CORS options.