sealed class CORSPolicy extends AnyRef

A middleware that applies the CORS protocol to any Http value. Obtain a reference to a CORSPolicy via the CORS object, which represents a default policy.

Requests with an Origin header will receive the appropriate CORS headers. More headers are available for "pre-flight" requests, those whose method is OPTIONS and has an Access-Control-Request-Method header.

Requests without the required headers, or requests that fail a CORS origin, method, or headers check are passed through to the underlying Http function, but do not receive any CORS headers in the response. The user agent will then block sharing the resource across origins according to the CORS protocol.

Source
CORS.scala
Linear Supertypes
AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. CORSPolicy
  2. AnyRef
  3. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Instance Constructors

  1. new CORSPolicy(allowOrigin: AllowOrigin, allowCredentials: AllowCredentials, exposeHeaders: ExposeHeaders, allowMethods: AllowMethods, allowHeaders: AllowHeaders, maxAge: MaxAge)

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. def apply[F[_], G[_]](http: Http[F, G])(implicit arg0: Applicative[F]): Http[F, G]
  5. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  6. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... ) @native()
  7. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  8. def equals(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  9. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  10. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  11. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  12. def httpApp[F[_]](httpApp: HttpApp[F])(implicit arg0: Applicative[F]): HttpApp[F]
  13. def httpRoutes[F[_]](httpRoutes: HttpRoutes[F])(implicit arg0: Monad[F]): HttpRoutes[F]
  14. def impl[F[_], G[_]](http: Http[F, G], preflightResponder: Http[F, G])(implicit arg0: Functor[F]): Http[F, G]
  15. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  16. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  17. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  18. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  19. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  20. def toString(): String
    Definition Classes
    AnyRef → Any
  21. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  22. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  23. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... ) @native()
  24. def withAllowCredentials(b: Boolean): CORSPolicy

    Allow credentials.

    Allow credentials. Sends an Access-Control-Allow-Credentials: * on valid CORS requests if true, and omits the header if false.

    For security purposes, it is an invalid per the Fetch Living Standard that defines CORS to set this to true when any origin is allowed.

  25. def withAllowHeadersAll: CORSPolicy

    Allows CORS requests with any headers if credentials are not allowed.

    Allows CORS requests with any headers if credentials are not allowed. If credentials are allowed, allows requests with a literal header name of *, which is almost certainly not what you mean, but per spec.

    Sends an Access-Control-Allow-Headers: * header on valid CORS preflight requests.

  26. def withAllowHeadersIn(headers: Set[CIString]): CORSPolicy

    Allows CORS requests whose request headers are a subset of the headers enumerated here, or are CORS-safelisted.

    Allows CORS requests whose request headers are a subset of the headers enumerated here, or are CORS-safelisted.

    If preflight requests send an Access-Control-Request-Headers header, its value must be a subset of those passed here.

    Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

  27. def withAllowHeadersReflect: CORSPolicy

    Reflects the Access-Control-Request-Headers back as Access-Control-Allow-Headers on preflight requests.

    Reflects the Access-Control-Request-Headers back as Access-Control-Allow-Headers on preflight requests. This is most useful when credentials are allowed and a wildcard for Access-Control-Allow-Headers would be treated literally.

    Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

  28. def withAllowHeadersStatic(headers: Set[CIString]): CORSPolicy

    Returns a static value in Access-Control-Allow-Headers on preflight requests consisting of the supplied headers.

    Returns a static value in Access-Control-Allow-Headers on preflight requests consisting of the supplied headers.

    Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

  29. def withAllowMethodsAll: CORSPolicy

    Allows CORS requests with any method if credentials are not allowed.

    Allows CORS requests with any method if credentials are not allowed. If credentials are allowed, allows requests with a literal method of *, which is almost certainly not what you mean, but per spec.

    Sends an Access-Control-Allow-Headers: * header on valid CORS preflight requests.

  30. def withAllowMethodsIn(methods: Set[Method]): CORSPolicy

    Allows CORS requests with any of the specified methods allowed.

    Allows CORS requests with any of the specified methods allowed.

    Preflight requests must send a matching Access-Control-Request-Method header to receive a CORS response.

    Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

  31. def withAllowOriginAll: CORSPolicy

    Allow CORS requests from any origin with an Access-Control-Allow-Origin of *.

  32. def withAllowOriginHeader(p: (Origin) ⇒ Boolean): CORSPolicy

    Allow requests from any origin matching the predicate p.

    Allow requests from any origin matching the predicate p. On matching requests, the request origin is reflected as the Access-Control-Allow-Origin header.

    The Origin header contains some arcane settings, like multiple origins, or a null origin. withAllowOriginHost is generally more convenient.

  33. def withAllowOriginHost(p: (Host) ⇒ Boolean): CORSPolicy

    Allow requests from any origin host matching the predicate p.

    Allow requests from any origin host matching the predicate p. The origin host is the first value in the request's Origin header, if not null header, unless it is null. Examples:

    - Origin: http://www.example.com => http://www.example.com - Origin: http://www.example.com, http://example.net => http://www.example.com - Origin: null => always false

    A Set[Origin.Host] is often a good choice here, but a predicate is offered to support more advanced matching.

  34. def withAllowOriginHostCi(p: (CIString) ⇒ Boolean): CORSPolicy

    Allow requests from any origin host whose case-insensitive rendering matches predicate p.

    Allow requests from any origin host whose case-insensitive rendering matches predicate p. A concession to the fact that constructing Origin.Host values is verbose.

    See also

    #withAllowOriginHost

  35. def withExposeHeadersAll: CORSPolicy

    Exposes all response headers to the origin.

    Exposes all response headers to the origin.

    Sends an Access-Control-Expose-Headers: * header on valid CORS non-preflight requests.

  36. def withExposeHeadersIn(names: Set[CIString]): CORSPolicy

    Exposes specific response headers to the origin.

    Exposes specific response headers to the origin. These are in addition to CORS-safelisted response headers.

    Sends an Access-Control-Expose-Headers header with names as a comma-delimited string on valid CORS non-preflight requests.

  37. def withExposeHeadersNone: CORSPolicy

    Exposes no response headers to the origin beyond the CORS-safelisted response headers.

    Exposes no response headers to the origin beyond the CORS-safelisted response headers.

    Sends an Access-Control-Expose-Headers header with names as a comma-delimited string on valid CORS non-preflight requests.

  38. def withMaxAge(duration: FiniteDuration): CORSPolicy

    Sets the duration the results can be cached.

    Sets the duration the results can be cached. The duration is truncated to seconds. A negative value results in a cache duration of zero.

    Sends an Access-Control-Max-Age header with the duration in seconds on preflight requests.

  39. def withMaxAgeDefault: CORSPolicy

    Sets the duration the results can be cached to the user agent's default.

    Sets the duration the results can be cached to the user agent's default. This suppresses the Access-Control-Max-Age header.

  40. def withMaxAgeDisableCaching: CORSPolicy

    Instructs the client to not cache any preflight results.

    Instructs the client to not cache any preflight results.

    Sends an Access-Control-Max-Age: -1 header

Deprecated Value Members

  1. def apply[F[_], G[_]](http: Http[F, G])(implicit arg0: Functor[F]): Http[F, G]
    Attributes
    protected
    Annotations
    @deprecated
    Deprecated

    (Since version 0.21.28) Does not return 200 on preflight requests. Use the Applicative version

Inherited from AnyRef

Inherited from Any

Ungrouped