play.filters

cors

package cors

Visibility
  1. Public
  2. All

Type Members

  1. trait AbstractCORSPolicy extends AnyRef

    An abstraction for providing play.api.mvc.Actions and play.api.mvc.Filters that support Cross-Origin Resource Sharing (CORS)

    An abstraction for providing play.api.mvc.Actions and play.api.mvc.Filters that support Cross-Origin Resource Sharing (CORS)

    See also

    CORS specification

  2. trait CORSActionBuilder extends ActionBuilder[Request] with AbstractCORSPolicy

    An ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    An ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    See also

    CORS specification

    CORSFilter

  3. trait CORSComponents extends AnyRef

    Components for the CORS Filter

  4. case class CORSConfig(anyOriginAllowed: Boolean = true, allowedOrigins: Set[String] = Set.empty, isHttpMethodAllowed: (String) ⇒ Boolean = _ => true, isHttpHeaderAllowed: (String) ⇒ Boolean = _ => true, exposedHeaders: Seq[String] = Seq.empty, supportsCredentials: Boolean = true, preflightMaxAge: Duration = 1.hour) extends Product with Serializable

    Configuration for AbstractCORSPolicy

    Configuration for AbstractCORSPolicy

    • allow only requests with origins from a whitelist (by default all origins are allowed)
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    anyOriginAllowed

    §6.1.2 §6.2.2 Always matching is acceptable since the list of origins can be unbounded.

    isHttpMethodAllowed

    §6.2.5 Always matching is acceptable since the list of methods can be unbounded.

    isHttpHeaderAllowed

    §6.2.6 Always matching is acceptable since the list of headers can be unbounded.

  5. class CORSConfigProvider extends Provider[CORSConfig]

    Provider for CORSConfig.

  6. class CORSFilter extends Filter with AbstractCORSPolicy

    A Filter that implements Cross-Origin Resource Sharing (CORS)

    A Filter that implements Cross-Origin Resource Sharing (CORS)

    It can be configured to...

    • filter paths by a whitelist of path prefixes
    • allow only requests with origins from a whitelist (by default all origins are allowed)
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    See also

    CORS specification

    CORSActionBuilder

    AbstractCORSPolicy

    CORSConfig

  7. class CORSFilterProvider extends Provider[CORSFilter]

    Provider for CORSFilter.

  8. class CORSModule extends Module

    CORS module.

Value Members

  1. object CORSActionBuilder

    An ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    An ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    It can be configured to...

    • allow only requests with origins from a whitelist (by default all origins are allowed)
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    Example:
    1. CORSActionBuilder(configuration) { Ok } // an action that uses the application configuration
      
      CORSActionBuilder(configuration, "my-conf-path") { Ok } // an action that uses a subtree of the application configuration
      
      val corsConfig: CORSConfig = ...
      CORSActionBuilder(conf) { Ok } // an action that uses a locally defined configuration
    See also

    CORS specification

    CORSFilter

  2. object CORSConfig extends Serializable

    Helpers to build CORS policy configurations

  3. object CORSFilter

Ungrouped