Package

play.filters

cors

Permalink

package cors

Visibility
  1. Public
  2. All

Type Members

  1. trait CORSActionBuilder extends ActionBuilder[Request] with AbstractCORSPolicy

    Permalink

    An play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    An play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    See also

    CORS specification

    CORSFilter

  2. trait CORSComponents extends AnyRef

    Permalink

    Components for the CORS Filter

  3. case class CORSConfig(allowedOrigins: Origins = Origins.None, isHttpMethodAllowed: (String) ⇒ Boolean = _ => true, isHttpHeaderAllowed: (String) ⇒ Boolean = _ => true, exposedHeaders: Seq[String] = Seq.empty, supportsCredentials: Boolean = true, preflightMaxAge: Duration = 1.hour, serveForbiddenOrigins: Boolean = false) extends Product with Serializable

    Permalink

    Configuration for AbstractCORSPolicy

    Configuration for AbstractCORSPolicy

    • allow only requests with origins from a whitelist (by default all origins are allowed)
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    • enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
    allowedOrigins

    §6.1.2 §6.2.2 Always matching is acceptable since the list of origins can be unbounded.

    isHttpMethodAllowed

    §6.2.5 Always matching is acceptable since the list of methods can be unbounded.

    isHttpHeaderAllowed

    §6.2.6 Always matching is acceptable since the list of headers can be unbounded.

  4. class CORSConfigProvider extends Provider[CORSConfig]

    Permalink

    Provider for CORSConfig.

  5. class CORSFilter extends Filter with AbstractCORSPolicy

    Permalink

    A play.api.mvc.Filter that implements Cross-Origin Resource Sharing (CORS)

    A play.api.mvc.Filter that implements Cross-Origin Resource Sharing (CORS)

    It can be configured to...

    • filter paths by a whitelist of path prefixes
    • allow only requests with origins from a whitelist (by default all origins are allowed)
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    • enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
    See also

    CORS specification

    CORSActionBuilder

    AbstractCORSPolicy

    CORSConfig

  6. class CORSFilterProvider extends Provider[CORSFilter]

    Permalink

    Provider for CORSFilter.

  7. class CORSModule extends Module

    Permalink

    CORS module.

Value Members

  1. object CORSActionBuilder

    Permalink

    An play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    An play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    It can be configured to...

    • allow only requests with origins from a whitelist (by default all origins are allowed)
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    Example:
    1. CORSActionBuilder(configuration) { Ok } // an action that uses the application configuration
      CORSActionBuilder(configuration, "my-conf-path") { Ok } // an action that uses a subtree of the application configuration
      val corsConfig: CORSConfig = ...
      CORSActionBuilder(conf) { Ok } // an action that uses a locally defined configuration
    See also

    CORS specification

    CORSFilter

  2. object CORSConfig extends Serializable

    Permalink

    Helpers to build CORS policy configurations

  3. object CORSFilter

    Permalink

Ungrouped