package cors
Type Members
- trait CORSActionBuilder extends ActionBuilder[Request, AnyContent] with AbstractCORSPolicy
A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)
- trait CORSComponents extends AnyRef
Components for the CORS Filter
- case class CORSConfig(allowedOrigins: Origins = Origins.None, isHttpMethodAllowed: (String) => Boolean = _ => true, isHttpHeaderAllowed: (String) => Boolean = _ => true, exposedHeaders: Seq[String] = Seq.empty, supportsCredentials: Boolean = true, preflightMaxAge: Duration = 1.hour, serveForbiddenOrigins: Boolean = false) extends Product with Serializable
Configuration for play.filters.cors.AbstractCORSPolicy.
- allow only requests with origins from a whitelist (by default all origins are allowed)
- allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
- allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
- set custom HTTP headers to be exposed in the response (by default no headers are exposed)
- disable/enable support for credentials (by default credentials support is enabled)
- set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
- enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
- allowedOrigins
§6.1.2 §6.2.2 Always matching is acceptable since the list of origins can be unbounded.
- isHttpMethodAllowed
§6.2.5 Always matching is acceptable since the list of methods can be unbounded.
- isHttpHeaderAllowed
§6.2.6 Always matching is acceptable since the list of headers can be unbounded.
- exposedHeaders
§6.1.4 By not adding the appropriate headers resource can also clear the preflight result cache of all entries where origin is a case-sensitive match for the value of the Origin header and url is a case-sensitive match for the URL of the resource.
- supportsCredentials
§6.1.3 The string "*" cannot be used for a resource that supports credentials.
- preflightMaxAge
§6.2.8 Set how long the user agent is allowed to cache the result of the preflight request.
- serveForbiddenOrigins
Enable/disable serving requests with origins not in whitelist as non-CORS requests.
- class CORSConfigProvider extends Provider[CORSConfig]
Provider for CORSConfig.
- class CORSFilter extends EssentialFilter with AbstractCORSPolicy
A play.api.mvc.Filter that implements Cross-Origin Resource Sharing (CORS)
It can be configured to...
- filter paths by a whitelist of path prefixes
- allow only requests with origins from a whitelist (by default all origins are allowed)
- allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
- allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
- set custom HTTP headers to be exposed in the response (by default no headers are exposed)
- disable/enable support for credentials (by default credentials support is enabled)
- set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
- enable/disable serving requests with origins not in whitelist as non-CORS requests (by default they are forbidden)
- See also
play.filters.cors.AbstractCORSPolicy
- class CORSFilterProvider extends Provider[CORSFilter]
Provider for CORSFilter.
- class CORSModule extends SimpleModule
CORS module.
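An added example, not part of Play's documentation or source: it probes a CORSConfig with constructed values to show where the permissive settings described for CORSConfig above differ from a whitelist-only policy. `CORSConfig.Origins.Matching`, the `example.com` origins, the header names and the probe values are assumptions that do not appear on this page.

```scala
import scala.concurrent.duration._
import play.filters.cors.CORSConfig
import play.filters.cors.CORSConfig.Origins

object CorsPolicyCheck {
  // Constructed probe values: a whitelist-only policy should reject all of them.
  private val probeOrigin = "https://untrusted.example"
  private val probeMethod = "TRACE"
  private val probeHeader = "x-constructed-probe"

  /** Lists the ways a CORSConfig is broader than a whitelist-only policy. */
  def findings(c: CORSConfig): Seq[String] = {
    val anyOrigin = c.allowedOrigins(probeOrigin)
    Seq(
      anyOrigin -> "allowedOrigins matches an origin outside the whitelist",
      (anyOrigin && c.supportsCredentials) ->
        "credentials are supported for non-whitelisted origins",
      c.isHttpMethodAllowed(probeMethod) -> s"preflight accepts method $probeMethod",
      c.isHttpHeaderAllowed(probeHeader) -> s"preflight accepts header $probeHeader"
    ).collect { case (true, msg) => msg }
  }

  // Every check left open: any origin, any method, any header, credentials on.
  val permissive: CORSConfig =
    CORSConfig(allowedOrigins = Origins.Matching(_ => true))

  // Whitelist-only policy; origins, methods and headers are placeholders.
  private val origins = Set("https://app.example.com")
  private val methods = Set("GET", "POST")
  private val headers = Set("content-type", "x-requested-with")

  val strict: CORSConfig = CORSConfig(
    allowedOrigins = Origins.Matching(origins.contains),
    isHttpMethodAllowed = methods.contains,
    isHttpHeaderAllowed = h => headers.contains(h.toLowerCase),
    exposedHeaders = Seq("X-Request-Id"),
    supportsCredentials = false,
    preflightMaxAge = 10.minutes,
    serveForbiddenOrigins = false
  )

  def main(args: Array[String]): Unit = {
    // Print the findings for each policy so the two can be compared.
    Seq("permissive" -> permissive, "strict" -> strict).foreach { case (name, cfg) =>
      val f = findings(cfg)
      println(s"$name: ${if (f.isEmpty) "no findings" else f.mkString("; ")}")
    }
  }
}
```

The same `findings` function can be called from a unit test against the configuration an application actually loads, so a later change that widens the policy fails the build.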
Value Members
- object CORSActionBuilder
A play.api.mvc.ActionBuilder that implements Cross-Origin Resource Sharing (CORS)
It can be configured to...
- allow only requests with origins from a whitelist (by default all origins are allowed)
- allow only HTTP methods from a whitelist for preflight requests (by default all methods are allowed)
- allow only HTTP headers from a whitelist for preflight requests (by default all headers are allowed)
- set custom HTTP headers to be exposed in the response (by default no headers are exposed)
- disable/enable support for credentials (by default credentials support is enabled)
- set how long (in seconds) the results of a preflight request can be cached in a preflight result cache (by default 3600 seconds, 1 hour)
Example:
// an action that uses the application configuration
CORSActionBuilder(configuration) { Ok }
// an action that uses a subtree of the application configuration
CORSActionBuilder(configuration, "my-conf-path") { Ok }
// an action that uses a locally defined configuration
val corsConfig: CORSConfig = ...
CORSActionBuilder(corsConfig) { Ok }
- See also
- object CORSConfig extends Serializable
Helpers to build CORS policy configurations
- object CORSFilter