trait CorsSettings extends javadsl.settings.CorsSettings

Settings for the CORS support

This implementation is based on the akka-http-cors project by Lomig Mégard, licensed under the Apache License, Version 2.0.

Not for user extension

Self Type
CorsSettingsImpl
Annotations
@ApiMayChange() @DoNotInherit()
Source
CorsSettings.scala
Type Hierarchy
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. CorsSettings
  2. CorsSettings
  3. AnyRef
  4. Any
Implicitly
  1. by any2stringadd
  2. by StringFormat
  3. by Ensuring
  4. by ArrowAssoc
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Abstract Value Members

  1. abstract def allowCredentials: Boolean

    If enabled, the header Access-Control-Allow-Credentials is included in the response, indicating that the actual request can include user credentials.

    If enabled, the header Access-Control-Allow-Credentials is included in the response, indicating that the actual request can include user credentials. Examples of user credentials are: cookies, HTTP authentication or client-side certificates.

    Definition Classes
    CorsSettingsCorsSettings
  2. abstract def allowGenericHttpRequests: Boolean

    Allow generic requests, that are outside the scope of the specification, for example lacking an Origin header to pass through the directive.

    Allow generic requests, that are outside the scope of the specification, for example lacking an Origin header to pass through the directive.

    When false strict CORS filtering is applied and any invalid request will be rejected.

    Definition Classes
    CorsSettingsCorsSettings
  3. abstract def allowedHeaders: Set[String]

    Set of request headers that are allowed when making an actual request.

    Set of request headers that are allowed when making an actual request.

    Controls the content of the Access-Control-Allow-Headers header in a preflight response: If set to a single *, the headers from Access-Control-Request-Headers are echoed. Otherwise specified list of header names is returned as part of the header.

  4. abstract def allowedMethods: Set[HttpMethod]

    List of methods allowed when making an actual request.

    List of methods allowed when making an actual request. The listed headers are returned as part of the Access-Control-Allow-Methods preflight response header.

    The preflight request will be rejected if the Access-Control-Request-Method header's method is not part of the list.

  5. abstract def allowedOrigins: Set[String]

    List of origins that the CORS filter must allow.

    List of origins that the CORS filter must allow.

    Can also be set to a single * to allow access to the resource from any origin.

    Controls the content of the Access-Control-Allow-Origin response header: if parameter is * and credentials are not allowed, a * is returned in Access-Control-Allow-Origin. Otherwise, the origins given in the Origin request header are echoed.

    Hostname starting with *. will match any sub-domain. The scheme and the port are always strictly matched.

    The actual or preflight request is rejected if any of the origins from the request is not allowed.

  6. abstract def exposedHeaders: Set[String]

    Set of headers (other than simple response headers) that browsers are allowed to access.

    Set of headers (other than simple response headers) that browsers are allowed to access. If not empty, the listed headers are returned as part of the Access-Control-Expose-Headers header in responses.

  7. abstract def maxAge: FiniteDuration

    The time the browser is allowed to cache the results of a preflight request.

    The time the browser is allowed to cache the results of a preflight request. This value is returned as part of the Access-Control-Max-Age preflight response header. If scala.concurrent.duration.Duration.Zero, the header is not added to the preflight response.

Concrete Value Members

  1. def getAllowedHeaders: Set[String]

    Set of request headers that are allowed when making an actual request.

    Set of request headers that are allowed when making an actual request.

    Controls the content of the Access-Control-Allow-Headers header in a preflight response: If set to a single *, the headers from Access-Control-Request-Headers are echoed. Otherwise specified list of header names is returned as part of the header.

    Definition Classes
    CorsSettings
  2. def getAllowedMethods: Set[HttpMethod]

    List of methods allowed when making an actual request.

    List of methods allowed when making an actual request. The listed headers are returned as part of the Access-Control-Allow-Methods preflight response header.

    The preflight request will be rejected if the Access-Control-Request-Method header's method is not part of the list.

    Definition Classes
    CorsSettings
  3. def getAllowedOrigins: Set[String]

    List of origins that the CORS filter must allow.

    List of origins that the CORS filter must allow.

    Can also be set to a single * to allow access to the resource from any origin.

    Controls the content of the Access-Control-Allow-Origin response header: if parameter is * and credentials are not allowed, a * is returned in Access-Control-Allow-Origin. Otherwise, the origins given in the Origin request header are echoed.

    Hostname starting with *. will match any sub-domain. The scheme and the port are always strictly matched.

    The actual or preflight request is rejected if any of the origins from the request is not allowed.

    Definition Classes
    CorsSettings
  4. def getExposedHeaders: Set[String]

    Set of headers (other than simple response headers) that browsers are allowed to access.

    Set of headers (other than simple response headers) that browsers are allowed to access. If not empty, the listed headers are returned as part of the Access-Control-Expose-Headers header in responses.

    Definition Classes
    CorsSettings
  5. def getMaxAge: Duration

    The time the browser is allowed to cache the results of a preflight request.

    The time the browser is allowed to cache the results of a preflight request. This value is returned as part of the Access-Control-Max-Age preflight response header. If java.time.Duration.ZERO, the header is not added to the preflight response.

    Definition Classes
    CorsSettings
  6. def withAllowAnyHeader(): CorsSettings
    Definition Classes
    CorsSettingsCorsSettings
  7. def withAllowAnyOrigin(): CorsSettings
    Definition Classes
    CorsSettingsCorsSettings
  8. def withAllowCredentials(allow: Boolean): CorsSettings
    Definition Classes
    CorsSettingsCorsSettings
  9. def withAllowGenericHttpRequests(allow: Boolean): CorsSettings
    Definition Classes
    CorsSettingsCorsSettings
  10. def withAllowedHeaders(headerNames: Set[String]): CorsSettings
  11. def withAllowedHeaders(headerNames: Set[String]): javadsl.settings.CorsSettings
    Definition Classes
    CorsSettings
  12. def withAllowedMethods(methods: Set[HttpMethod]): CorsSettings
  13. def withAllowedMethods(methods: Set[HttpMethod]): javadsl.settings.CorsSettings
    Definition Classes
    CorsSettings
  14. def withAllowedOrigins(origins: Set[String]): CorsSettings
  15. def withAllowedOrigins(origins: Set[String]): javadsl.settings.CorsSettings
    Definition Classes
    CorsSettings
  16. def withExposedHeaders(headerNames: Set[String]): CorsSettings
  17. def withExposedHeaders(headerNames: Set[String]): javadsl.settings.CorsSettings
    Definition Classes
    CorsSettings
  18. def withMaxAge(maxAge: FiniteDuration): CorsSettings