CORSConfig

A configuration for the io.ktor.server.plugins.cors.routing.CORS plugin.

Constructors

Link copied to clipboard

Types

Link copied to clipboard
object Companion

Functions

Link copied to clipboard
fun allowHeader(header: String)

Allow using a specified header for the actual CORS request.

Link copied to clipboard
fun allowHeaders(predicate: (String) -> Boolean)

Allows using headers matching predicate for the actual CORS request.

Link copied to clipboard
fun allowHeadersPrefixed(headerPrefix: String)

Allows using headers prefixed with headerPrefix for the actual CORS request.

Link copied to clipboard
fun allowHost(host: String, schemes: List<String> = listOf("http"), subDomains: List<String> = emptyList())

Allows requests from the specified domains and schemes. A wildcard is supported for either the host or any subdomain. If you specify a wildcard in the host, you cannot add specific subdomains. Otherwise, you can mix wildcard and non-wildcard subdomains as long as the wildcard is always in front of the domain, e.g. *.sub.domain.com but not sub.*.domain.com.

Link copied to clipboard
fun allowMethod(method: HttpMethod)

Adds a specified method to a list of methods allowed by CORS.

Link copied to clipboard
fun allowOrigins(predicate: (String) -> Boolean)

Allows using an origin matching predicate for the actual CORS request.

Link copied to clipboard

Allows using the X-Http-Method-Override header for the actual CORS request.

Link copied to clipboard
fun anyHost()

Allows requests from any host.

Link copied to clipboard
fun exposeHeader(header: String)

Allows exposing the header using Access-Control-Expose-Headers. The Access-Control-Expose-Headers header adds the specified headers to the allowlist that JavaScript in browsers can access.

Properties

Link copied to clipboard

Allows passing credential information (such as cookies or authentication information) with cross-origin requests. This property sets the Access-Control-Allow-Credentials response header to true.

Link copied to clipboard

Allows sending requests with non-simple content-types. The following content types are considered simple:

Link copied to clipboard

Allows requests from the same origin.

Link copied to clipboard

Exposed HTTP headers that could be accessed by a client.

Link copied to clipboard

If present represents the prefix for headers which are permitted in CORS requests.

Link copied to clipboard

Allowed CORS headers.

Link copied to clipboard

Allowed CORS hosts.

Link copied to clipboard

Specifies how long the response to the preflight request can be cached without sending another preflight request.

Link copied to clipboard

Allowed CORS HTTP methods.

Extensions

Link copied to clipboard

Duration to tell the client to keep CORS options.