CORSConfig

class CORSConfig

A configuration for the io.ktor.server.plugins.cors.routing.CORS plugin.

Constructors

Link copied to clipboard
fun CORSConfig()

Types

Link copied to clipboard
object Companion

Functions

Link copied to clipboard
fun allowHeader(header: String)

Allow using a specified header for the actual CORS request.

Link copied to clipboard
fun allowHeaders(predicate: (String) -> Boolean)

Allows using headers matching predicate for the actual CORS request.

Link copied to clipboard
fun allowHeadersPrefixed(headerPrefix: String)

Allows using headers prefixed with headerPrefix for the actual CORS request.

Link copied to clipboard
fun allowHost(host: String, schemes: List<String> = listOf("http"), subDomains: List<String> = emptyList())

Allows requests from the specified domains and schemes. A wildcard is supported for either the host or any subdomain. If you specify a wildcard in the host, you cannot add specific subdomains. Otherwise, you can mix wildcard and non-wildcard subdomains as long as the wildcard is always in front of the domain, e.g. *.sub.domain.com but not sub.*.domain.com.

Link copied to clipboard
fun allowMethod(method: <ERROR CLASS>)

Adds a specified method to a list of methods allowed by CORS.

Link copied to clipboard
fun allowXHttpMethodOverride()

Allows using the X-Http-Method-Override header for the actual CORS request.

Link copied to clipboard
fun anyHost()

Allows requests from any host.

Link copied to clipboard
fun exposeHeader(header: String)

Allows exposing the header using Access-Control-Expose-Headers. The Access-Control-Expose-Headers header adds the specified headers to the allowlist that JavaScript in browsers can access.

Properties

Link copied to clipboard
var allowCredentials: Boolean = false

Allows passing credential information (such as cookies or authentication information) with cross-origin requests. This property sets the Access-Control-Allow-Credentials response header to true.

Link copied to clipboard
var allowNonSimpleContentTypes: Boolean = false

Allows sending requests with non-simple content-types. The following content types are considered simple:

Link copied to clipboard
var allowSameOrigin: Boolean = true

Allows requests from the same origin.

Link copied to clipboard
val exposedHeaders: MutableSet<String>

Exposed HTTP headers that could be accessed by a client.

Link copied to clipboard
val headerPredicates: MutableList<(String) -> Boolean>

If present represents the prefix for headers which are permitted in CORS requests.

Link copied to clipboard
val headers: MutableSet<String>

Allowed CORS headers.

Link copied to clipboard
val hosts: MutableSet<String>

Allowed CORS hosts.

Link copied to clipboard
var maxAgeInSeconds: Long

Specifies how long the response to the preflight request can be cached without sending another preflight request.

Link copied to clipboard
val methods: MutableSet<<ERROR CLASS>>

Allowed CORS HTTP methods.

Extensions

Link copied to clipboard
var CORSConfig.maxAgeDuration: Duration

Duration to tell the client to keep CORS options.