package cors
- Alphabetic
- Public
- All
Type Members
-
trait
CORSActionBuilder extends ActionBuilder[Request, AnyContent] with AbstractCORSPolicy
A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)
A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)
-
trait
CORSComponents extends AnyRef
Components for the CORS Filter
-
case class
CORSConfig(allowedOrigins: Origins = Origins.None, isHttpMethodAllowed: (String) ⇒ Boolean = _ => true, isHttpHeaderAllowed: (String) ⇒ Boolean = _ => true, exposedHeaders: Seq[String] = Seq.empty, supportsCredentials: Boolean = true, preflightMaxAge: Duration = 1.hour, serveForbiddenOrigins: Boolean = false) extends Product with Serializable
Configuration for play.filters.cors.AbstractCORSPolicy.
Configuration for play.filters.cors.AbstractCORSPolicy.
- allow only requests with origins from a whitelist (by default all origins are allowed)
- allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
- allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
- set custom HTTP headers to be exposed in the response (by default no headers are exposed)
- disable/enable support for credentials (by default credentials support is enabled)
- set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
- enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
- allowedOrigins
§6.1.2 §6.2.2 Always matching is acceptable since the list of origins can be unbounded.
- isHttpMethodAllowed
§6.2.5 Always matching is acceptable since the list of methods can be unbounded.
- isHttpHeaderAllowed
§6.2.6 Always matching is acceptable since the list of headers can be unbounded.
-
class
CORSConfigProvider extends Provider[CORSConfig]
Provider for CORSConfig.
-
class
CORSFilter extends EssentialFilter with AbstractCORSPolicy
A play.api.mvc.Filter that implements Cross-Origin Resource Sharing (CORS)
A play.api.mvc.Filter that implements Cross-Origin Resource Sharing (CORS)
It can be configured to...
- filter paths by a whitelist of path prefixes
- allow only requests with origins from a whitelist (by default all origins are allowed) -
- allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
- allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
- set custom HTTP headers to be exposed in the response (by default no headers are exposed)
- disable/enable support for credentials (by default credentials support is enabled)
- set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
- enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
- See also
play.filters.cors.AbstractCORSPolicy
-
class
CORSFilterProvider extends Provider[CORSFilter]
Provider for CORSFilter.
-
class
CORSModule extends SimpleModule
CORS module.
Value Members
-
object
CORSActionBuilder
A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)
A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)
It can be configured to...
- allow only requests with origins from a whitelist (by default all origins are allowed)
- allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
- allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
- set custom HTTP headers to be exposed in the response (by default no headers are exposed)
- disable/enable support for credentials (by default credentials support is enabled)
- set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
CORSActionBuilder(configuration) { Ok } // an action that uses the application configuration CORSActionBuilder(configuration, "my-conf-path") { Ok } // an action that uses a subtree of the application configuration val corsConfig: CORSConfig = ... CORSActionBuilder(conf) { Ok } // an action that uses a locally defined configuration
- See also
Example: -
object
CORSConfig extends Serializable
Helpers to build CORS policy configurations
- object CORSFilter