Packages

case class CORSConfig(allowedOrigins: Origins = Origins.None, isHttpMethodAllowed: (String) => Boolean = _ => true, isHttpHeaderAllowed: (String) => Boolean = _ => true, exposedHeaders: Seq[String] = Seq.empty, supportsCredentials: Boolean = true, preflightMaxAge: Duration = 1.hour, serveForbiddenOrigins: Boolean = false) extends Product with Serializable

Configuration for play.filters.cors.AbstractCORSPolicy.

  • allow only requests with origins from a whitelist (by default all origins are allowed)
  • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
  • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
  • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
  • disable/enable support for credentials (by default credentials support is enabled)
  • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
  • enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
allowedOrigins

§6.1.2 §6.2.2 Always matching is acceptable since the list of origins can be unbounded.

isHttpMethodAllowed

§6.2.5 Always matching is acceptable since the list of methods can be unbounded.

isHttpHeaderAllowed

§6.2.6 Always matching is acceptable since the list of headers can be unbounded.

exposedHeaders

§6.1.4 By not adding the appropriate headers resource can also clear the preflight result cache of all entries where origin is a case-sensitive match for the value of the Origin header and url is a case-sensitive match for the URL of the resource.

supportsCredentials

§6.1.3 The string "*" cannot be used for a resource that supports credentials.

preflightMaxAge

§6.2.8 Set how long the user agent is allowed to cache the result of the preflight request.

serveForbiddenOrigins

Enable/disable serving requests with origins not in whitelist as non-CORS requests.

Source
CORSConfig.scala
Linear Supertypes
Serializable, Product, Equals, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. CORSConfig
  2. Serializable
  3. Product
  4. Equals
  5. AnyRef
  6. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new CORSConfig(allowedOrigins: Origins = Origins.None, isHttpMethodAllowed: (String) => Boolean = _ => true, isHttpHeaderAllowed: (String) => Boolean = _ => true, exposedHeaders: Seq[String] = Seq.empty, supportsCredentials: Boolean = true, preflightMaxAge: Duration = 1.hour, serveForbiddenOrigins: Boolean = false)

    allowedOrigins

    §6.1.2 §6.2.2 Always matching is acceptable since the list of origins can be unbounded.

    isHttpMethodAllowed

    §6.2.5 Always matching is acceptable since the list of methods can be unbounded.

    isHttpHeaderAllowed

    §6.2.6 Always matching is acceptable since the list of headers can be unbounded.

    exposedHeaders

    §6.1.4 By not adding the appropriate headers resource can also clear the preflight result cache of all entries where origin is a case-sensitive match for the value of the Origin header and url is a case-sensitive match for the URL of the resource.

    supportsCredentials

    §6.1.3 The string "*" cannot be used for a resource that supports credentials.

    preflightMaxAge

    §6.2.8 Set how long the user agent is allowed to cache the result of the preflight request.

    serveForbiddenOrigins

    Enable/disable serving requests with origins not in whitelist as non-CORS requests.

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. val allowedOrigins: Origins
  5. def anyOriginAllowed: Boolean
  6. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  7. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @HotSpotIntrinsicCandidate() @native()
  8. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  9. val exposedHeaders: Seq[String]
  10. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @HotSpotIntrinsicCandidate() @native()
  11. val isHttpHeaderAllowed: (String) => Boolean
  12. val isHttpMethodAllowed: (String) => Boolean
  13. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  14. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  15. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @HotSpotIntrinsicCandidate() @native()
  16. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @HotSpotIntrinsicCandidate() @native()
  17. val preflightMaxAge: Duration
  18. def productElementNames: Iterator[String]
    Definition Classes
    Product
  19. val serveForbiddenOrigins: Boolean
  20. val supportsCredentials: Boolean
  21. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  22. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  23. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  24. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  25. def withAnyOriginAllowed: CORSConfig
  26. def withCredentialsSupport(supportsCredentials: Boolean): CORSConfig
  27. def withExposedHeaders(headers: List[String]): CORSConfig
  28. def withExposedHeaders(headers: Seq[String]): CORSConfig
  29. def withHeadersAllowed(headers: Function[String, Boolean]): CORSConfig
  30. def withHeadersAllowed(headers: (String) => Boolean): CORSConfig
  31. def withMethodsAllowed(methods: Function[String, Boolean]): CORSConfig
  32. def withMethodsAllowed(methods: (String) => Boolean): CORSConfig
  33. def withOriginsAllowed(origins: Function[String, Boolean]): CORSConfig
  34. def withOriginsAllowed(origins: (String) => Boolean): CORSConfig
  35. def withPreflightMaxAge(maxAge: Duration): CORSConfig
  36. def withPreflightMaxAge(maxAge: Duration): CORSConfig
  37. def withServeForbiddenOrigins(serveForbiddenOrigins: Boolean): CORSConfig

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated
    Deprecated

    (Since version 9)

Inherited from Serializable

Inherited from Product

Inherited from Equals

Inherited from AnyRef

Inherited from Any

Ungrouped