case class CORSConfig(allowedOrigins: Origins = Origins.None, isHttpMethodAllowed: (String) => Boolean = _ => true, isHttpHeaderAllowed: (String) => Boolean = _ => true, exposedHeaders: Seq[String] = Seq.empty, supportsCredentials: Boolean = true, preflightMaxAge: Duration = 1.hour, serveForbiddenOrigins: Boolean = false) extends Product with Serializable
Configuration for play.filters.cors.AbstractCORSPolicy.
- allow only requests with origins from a whitelist (by default all origins are allowed)
- allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
- allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
- set custom HTTP headers to be exposed in the response (by default no headers are exposed)
- disable/enable support for credentials (by default credentials support is enabled)
- set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
- enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
- allowedOrigins
§6.1.2 §6.2.2 Always matching is acceptable since the list of origins can be unbounded.
- isHttpMethodAllowed
§6.2.5 Always matching is acceptable since the list of methods can be unbounded.
- isHttpHeaderAllowed
§6.2.6 Always matching is acceptable since the list of headers can be unbounded.
- exposedHeaders
§6.1.4 By not adding the appropriate headers resource can also clear the preflight result cache of all entries where origin is a case-sensitive match for the value of the Origin header and url is a case-sensitive match for the URL of the resource.
- supportsCredentials
§6.1.3 The string "*" cannot be used for a resource that supports credentials.
- preflightMaxAge
§6.2.8 Set how long the user agent is allowed to cache the result of the preflight request.
- serveForbiddenOrigins
Enable/disable serving requests with origins not in whitelist as non-CORS requests.
- Source
- CORSConfig.scala
- Alphabetic
- By Inheritance
- CORSConfig
- Serializable
- Product
- Equals
- AnyRef
- Any
- Hide All
- Show All
- Public
- Protected
Instance Constructors
- new CORSConfig(allowedOrigins: Origins = Origins.None, isHttpMethodAllowed: (String) => Boolean = _ => true, isHttpHeaderAllowed: (String) => Boolean = _ => true, exposedHeaders: Seq[String] = Seq.empty, supportsCredentials: Boolean = true, preflightMaxAge: Duration = 1.hour, serveForbiddenOrigins: Boolean = false)
- allowedOrigins
§6.1.2 §6.2.2 Always matching is acceptable since the list of origins can be unbounded.
- isHttpMethodAllowed
§6.2.5 Always matching is acceptable since the list of methods can be unbounded.
- isHttpHeaderAllowed
§6.2.6 Always matching is acceptable since the list of headers can be unbounded.
- exposedHeaders
§6.1.4 By not adding the appropriate headers resource can also clear the preflight result cache of all entries where origin is a case-sensitive match for the value of the Origin header and url is a case-sensitive match for the URL of the resource.
- supportsCredentials
§6.1.3 The string "*" cannot be used for a resource that supports credentials.
- preflightMaxAge
§6.2.8 Set how long the user agent is allowed to cache the result of the preflight request.
- serveForbiddenOrigins
Enable/disable serving requests with origins not in whitelist as non-CORS requests.
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- val allowedOrigins: Origins
- def anyOriginAllowed: Boolean
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @HotSpotIntrinsicCandidate() @native()
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- val exposedHeaders: Seq[String]
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- val isHttpHeaderAllowed: (String) => Boolean
- val isHttpMethodAllowed: (String) => Boolean
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- val preflightMaxAge: Duration
- def productElementNames: Iterator[String]
- Definition Classes
- Product
- val serveForbiddenOrigins: Boolean
- val supportsCredentials: Boolean
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- def withAnyOriginAllowed: CORSConfig
- def withCredentialsSupport(supportsCredentials: Boolean): CORSConfig
- def withExposedHeaders(headers: List[String]): CORSConfig
- def withExposedHeaders(headers: Seq[String]): CORSConfig
- def withHeadersAllowed(headers: Function[String, Boolean]): CORSConfig
- def withHeadersAllowed(headers: (String) => Boolean): CORSConfig
- def withMethodsAllowed(methods: Function[String, Boolean]): CORSConfig
- def withMethodsAllowed(methods: (String) => Boolean): CORSConfig
- def withOriginsAllowed(origins: Function[String, Boolean]): CORSConfig
- def withOriginsAllowed(origins: (String) => Boolean): CORSConfig
- def withPreflightMaxAge(maxAge: Duration): CORSConfig
- def withPreflightMaxAge(maxAge: Duration): CORSConfig
- def withServeForbiddenOrigins(serveForbiddenOrigins: Boolean): CORSConfig
Deprecated Value Members
- def finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.Throwable]) @Deprecated
- Deprecated
(Since version 9)