object CORS
Implements the CORS protocol. The actual middleware is a CORSPolicy, which can be obtained via #policy.
- Source
- CORS.scala
- See also
- Alphabetic
- By Inheritance
- CORS
- AnyRef
- Any
- Hide All
- Show All
- Public
- All
Value Members
-
val
policy: CORSPolicy
The default CORS policy: - Sends
Access-Control-Allow-Origin: *
- Sends noAccess-Control-Allow-Credentials
- Sends noAccess-Control-Expose-Headers
- SendsAccess-Control-Allow-Methods: GET, HEAD, POST
- Reflects request'sAccess-Control-Request-Headers
asAccess-Control-Allow-Headers
- Sends noAccess-Control-Max-Age
Deprecated Value Members
-
def
DefaultCORSConfig: CORSConfig
- Annotations
- @deprecated
- Deprecated
(Since version 0.21.27) The default
CORSConfig
is insecure. See https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6.
-
def
apply[F[_], G[_]](http: Http[F, G], config: CORSConfig = DefaultCORSConfig)(implicit F: Applicative[F]): Http[F, G]
CORS middleware This middleware provides clients with CORS information based on information in CORS config.
CORS middleware This middleware provides clients with CORS information based on information in CORS config. Currently, you cannot make permissions depend on request details
- Annotations
- @deprecated @nowarn( value = "cat=deprecation" )
- Deprecated
(Since version 0.21.27) Depends on a deficient
CORSConfig
. See https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6. If config.anyOrigin is true and config.allowCredentials is true, then theAccess-Control-Allow-Credentials
header will be suppressed starting with 0.21.27.
-
val
defaultVaryHeader: Raw
- Annotations
- @deprecated
- Deprecated
(Since version 0.21.27) Not the actual default CORS Vary heder, and will be removed from the public API.
-
def
httpApp[F[_]](httpApp: HttpApp[F])(implicit arg0: Applicative[F]): HttpApp[F]
- Annotations
- @deprecated
- Deprecated
(Since version 0.21.27) Hardcoded to an insecure config. See https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6.
-
def
httpRoutes[F[_]](httpRoutes: HttpRoutes[F])(implicit arg0: Monad[F]): HttpRoutes[F]
- Annotations
- @deprecated
- Deprecated
(Since version 0.21.27) Hardcoded to an insecure config. See https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6.