ktor-server-core/io.ktor.features/CORS/Configuration

Configuration

class Configuration
Content copied to clipboard

CORS feature configuration

Constructors

Link copied to clipboard
fun Configuration()
Content copied to clipboard

Types

Link copied to clipboard
object Companion
Content copied to clipboard

Functions

Link copied to clipboard
fun allowHeaders(predicate: (String) -> Boolean)
Content copied to clipboard

Allow headers that match predicate

Link copied to clipboard
fun allowHeadersPrefixed(headerPrefix: String)
Content copied to clipboard

Allow headers prefixed with headerPrefix

Link copied to clipboard
fun allowXHttpMethodOverride()
Content copied to clipboard

Allow to send X-Http-Method-Override header

Link copied to clipboard
fun anyHost()
Content copied to clipboard

Allow requests from any host

Link copied to clipboard
fun exposeHeader(header: String)
Content copied to clipboard

Allow to expose header. It adds the header to Access-Control-Expose-Headers if it is not a simple response header.

Link copied to clipboard
fun exposeXHttpMethodOverride()
Content copied to clipboard

Allow to expose X-Http-Method-Override header

Link copied to clipboard
fun header(header: String)
Content copied to clipboard

Allow sending header

Link copied to clipboard
fun host(host: String, schemes: List<String> = listOf("http"), subDomains: List<String> = emptyList())
Content copied to clipboard

Allow requests from the specified domains and schemes. A wildcard is supported for either the host or any subdomain. If you specify a wildcard in the host, you cannot add specific subdomains. Otherwise you can mix wildcard and non-wildcard subdomains as long as the wildcard is always in front of the domain, e.g. *.sub.domain.com but not sub.*.domain.com.

Link copied to clipboard
fun method(method: HttpMethod)
Content copied to clipboard

Please note that CORS operates ONLY with REAL HTTP methods and will never consider overridden methods via X-Http-Method-Override. However you can add them here if you are implementing CORS at client side from the scratch that you generally don't need to do.

Properties

Link copied to clipboard
var allowCredentials: Boolean = false
Content copied to clipboard

Allow sending credentials

Link copied to clipboard
var allowNonSimpleContentTypes: Boolean = false
Content copied to clipboard

Allow sending requests with non-simple content-types. The following content types are considered simple:

Link copied to clipboard
var allowSameOrigin: Boolean = true
Content copied to clipboard

Allow requests from the same origin

Link copied to clipboard
val exposedHeaders: MutableSet<String>
Content copied to clipboard

Exposed HTTP headers that could be accessed by a client

Link copied to clipboard
val headerPredicates: MutableList<(String) -> Boolean>
Content copied to clipboard

If present represents the prefix for headers which are permitted in cors requests.

Link copied to clipboard
val headers: MutableSet<String>
Content copied to clipboard

Allowed CORS headers

Link copied to clipboard
val hosts: MutableSet<String>
Content copied to clipboard

Allowed CORS hosts

Link copied to clipboard
var maxAge: Duration
Content copied to clipboard

Max-Age for cached CORS options

Link copied to clipboard
var maxAgeInSeconds: Long
Content copied to clipboard

Duration in seconds to tell the client to keep the host in a list of known HSTS hosts.

Link copied to clipboard
val methods: MutableSet<HttpMethod>
Content copied to clipboard

Allowed HTTP methods

Extensions

Link copied to clipboard
var CORS.Configuration.maxAge: Duration
Content copied to clipboard
Link copied to clipboard
@ExperimentalTime
var CORS.Configuration.maxAgeDuration: Duration
Content copied to clipboard

Duration to tell the client to keep CORS options.