Package

play.filters

cors

Permalink

package cors

Visibility
  1. Public
  2. All

Type Members

  1. trait CORSActionBuilder extends ActionBuilder[Request, AnyContent] with AbstractCORSPolicy

    Permalink

    A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    See also

    CORS specification

    play.filters.cors.CORSFilter

  2. trait CORSComponents extends AnyRef

    Permalink

    Components for the CORS Filter

  3. case class CORSConfig(allowedOrigins: Origins = Origins.None, isHttpMethodAllowed: (String) ⇒ Boolean = _ => true, isHttpHeaderAllowed: (String) ⇒ Boolean = _ => true, exposedHeaders: Seq[String] = Seq.empty, supportsCredentials: Boolean = true, preflightMaxAge: Duration = 1.hour, serveForbiddenOrigins: Boolean = false) extends Product with Serializable

    Permalink

    Configuration for play.filters.cors.AbstractCORSPolicy.

    Configuration for play.filters.cors.AbstractCORSPolicy.

    • allow only requests with origins from a whitelist (by default all origins are allowed)
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    • enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
    allowedOrigins

    §6.1.2 §6.2.2 Always matching is acceptable since the list of origins can be unbounded.

    isHttpMethodAllowed

    §6.2.5 Always matching is acceptable since the list of methods can be unbounded.

    isHttpHeaderAllowed

    §6.2.6 Always matching is acceptable since the list of headers can be unbounded.

  4. class CORSConfigProvider extends Provider[CORSConfig]

    Permalink

    Provider for CORSConfig.

  5. class CORSFilter extends EssentialFilter with AbstractCORSPolicy

    Permalink

    A play.api.mvc.Filter that implements Cross-Origin Resource Sharing (CORS)

    A play.api.mvc.Filter that implements Cross-Origin Resource Sharing (CORS)

    It can be configured to...

    • filter paths by a whitelist of path prefixes
    • allow only requests with origins from a whitelist (by default all origins are allowed) -
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    • enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
    See also

    CORS specification

    play.filters.cors.CORSActionBuilder

    play.filters.cors.AbstractCORSPolicy

    play.filters.cors.CORSConfig

  6. class CORSFilterProvider extends Provider[CORSFilter]

    Permalink

    Provider for CORSFilter.

  7. class CORSModule extends SimpleModule

    Permalink

    CORS module.

Value Members

  1. object CORSActionBuilder

    Permalink

    A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    It can be configured to...

    • allow only requests with origins from a whitelist (by default all origins are allowed)
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    Example:
    1. CORSActionBuilder(configuration) { Ok } // an action that uses the application configuration
      CORSActionBuilder(configuration, "my-conf-path") { Ok } // an action that uses a subtree of the application configuration
      val corsConfig: CORSConfig = ...
      CORSActionBuilder(conf) { Ok } // an action that uses a locally defined configuration
    See also

    CORS specification

    play.filters.cors.CORSFilter

  2. object CORSConfig extends Serializable

    Permalink

    Helpers to build CORS policy configurations

  3. object CORSFilter

    Permalink

Ungrouped