Packages

package cors

Ordering
  1. Alphabetic
Visibility
  1. Public
  2. Protected

Type Members

  1. trait CORSActionBuilder extends ActionBuilder[Request, AnyContent] with AbstractCORSPolicy

    A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    See also

    play.filters.cors.CORSFilter

    CORS specification

  2. trait CORSComponents extends AnyRef

    Components for the CORS Filter

  3. case class CORSConfig(allowedOrigins: Origins = Origins.None, isHttpMethodAllowed: (String) => Boolean = _ => true, isHttpHeaderAllowed: (String) => Boolean = _ => true, exposedHeaders: Seq[String] = Seq.empty, supportsCredentials: Boolean = true, preflightMaxAge: Duration = 1.hour, serveForbiddenOrigins: Boolean = false) extends Product with Serializable

    Configuration for play.filters.cors.AbstractCORSPolicy.

    Configuration for play.filters.cors.AbstractCORSPolicy.

    • allow only requests with origins from a whitelist (by default all origins are allowed)
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    • enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
    allowedOrigins

    §6.1.2 §6.2.2 Always matching is acceptable since the list of origins can be unbounded.

    isHttpMethodAllowed

    §6.2.5 Always matching is acceptable since the list of methods can be unbounded.

    isHttpHeaderAllowed

    §6.2.6 Always matching is acceptable since the list of headers can be unbounded.

    exposedHeaders

    §6.1.4 By not adding the appropriate headers resource can also clear the preflight result cache of all entries where origin is a case-sensitive match for the value of the Origin header and url is a case-sensitive match for the URL of the resource.

    supportsCredentials

    §6.1.3 The string "*" cannot be used for a resource that supports credentials.

    preflightMaxAge

    §6.2.8 Set how long the user agent is allowed to cache the result of the preflight request.

    serveForbiddenOrigins

    Enable/disable serving requests with origins not in whitelist as non-CORS requests.

  4. class CORSConfigProvider extends Provider[CORSConfig]

    Provider for CORSConfig.

  5. class CORSFilter extends EssentialFilter with AbstractCORSPolicy

    A play.api.mvc.Filter that implements Cross-Origin Resource Sharing (CORS)

    A play.api.mvc.Filter that implements Cross-Origin Resource Sharing (CORS)

    It can be configured to...

    • filter paths by a whitelist of path prefixes
    • allow only requests with origins from a whitelist (by default all origins are allowed) -
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    • enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
    See also

    play.filters.cors.CORSConfig

    play.filters.cors.AbstractCORSPolicy

    play.filters.cors.CORSActionBuilder

    CORS specification

  6. class CORSFilterProvider extends Provider[CORSFilter]

    Provider for CORSFilter.

  7. class CORSModule extends SimpleModule

    CORS module.

Value Members

  1. object CORSActionBuilder

    A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)

    It can be configured to...

    • allow only requests with origins from a whitelist (by default all origins are allowed)
    • allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
    • allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
    • set custom HTTP headers to be exposed in the response (by default no headers are exposed)
    • disable/enable support for credentials (by default credentials support is enabled)
    • set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
    Example:
    1. CORSActionBuilder(configuration) { Ok } // an action that uses the application configuration
      
      CORSActionBuilder(configuration, "my-conf-path") { Ok } // an action that uses a subtree of the application configuration
      
      val corsConfig: CORSConfig = ...
      CORSActionBuilder(conf) { Ok } // an action that uses a locally defined configuration
    See also

    play.filters.cors.CORSFilter

    CORS specification

  2. object CORSConfig extends Serializable

    Helpers to build CORS policy configurations

  3. object CORSFilter

Ungrouped