object CORS

Implements the CORS protocol. The actual middleware is a CORSPolicy, which can be obtained via #policy.

Source
CORS.scala
See also

CORSPolicy

CORS protocol specification

Linear Supertypes
AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. CORS
  2. AnyRef
  3. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Value Members

  1. val policy: CORSPolicy

    The default CORS policy: - Sends Access-Control-Allow-Origin: * - Sends no Access-Control-Allow-Credentials - Sends no Access-Control-Expose-Headers - Sends Access-Control-Allow-Methods: GET, HEAD, POST - Reflects request's Access-Control-Request-Headers as Access-Control-Allow-Headers - Sends no Access-Control-Max-Age

Deprecated Value Members

  1. def DefaultCORSConfig: CORSConfig
    Annotations
    @deprecated
    Deprecated

    (Since version 0.21.27) The default CORSConfig is insecure. See https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6.

  2. def apply[F[_], G[_]](http: Http[F, G], config: CORSConfig = DefaultCORSConfig)(implicit F: Applicative[F]): Http[F, G]

    CORS middleware This middleware provides clients with CORS information based on information in CORS config.

    CORS middleware This middleware provides clients with CORS information based on information in CORS config. Currently, you cannot make permissions depend on request details

    Annotations
    @deprecated @nowarn( value = "cat=deprecation" )
    Deprecated

    (Since version 0.21.27) Depends on a deficient CORSConfig. See https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6. If config.anyOrigin is true and config.allowCredentials is true, then the Access-Control-Allow-Credentials header will be suppressed starting with 0.21.27.

  3. val defaultVaryHeader: Raw
    Annotations
    @deprecated
    Deprecated

    (Since version 0.21.27) Not the actual default CORS Vary heder, and will be removed from the public API.

  4. def httpApp[F[_]](httpApp: HttpApp[F])(implicit arg0: Applicative[F]): HttpApp[F]
    Annotations
    @deprecated
    Deprecated

    (Since version 0.21.27) Hardcoded to an insecure config. See https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6.

  5. def httpRoutes[F[_]](httpRoutes: HttpRoutes[F])(implicit arg0: Monad[F]): HttpRoutes[F]
    Annotations
    @deprecated
    Deprecated

    (Since version 0.21.27) Hardcoded to an insecure config. See https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6.