Polishing

This commit is contained in:
Juergen Hoeller
2019-04-02 20:04:07 +02:00
parent 95a84bbad1
commit 0babc1fb64
11 changed files with 176 additions and 126 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -52,14 +52,14 @@ public class CorsConfiguration {
/** Wildcard representing <em>all</em> origins, methods, or headers. */
public static final String ALL = "*";
private static final List<HttpMethod> DEFAULT_METHODS =
Collections.unmodifiableList(Arrays.asList(HttpMethod.GET, HttpMethod.HEAD));
private static final List<HttpMethod> DEFAULT_METHODS = Collections.unmodifiableList(
Arrays.asList(HttpMethod.GET, HttpMethod.HEAD));
private static final List<String> DEFAULT_PERMIT_ALL =
Collections.unmodifiableList(Arrays.asList(ALL));
private static final List<String> DEFAULT_PERMIT_METHODS = Collections.unmodifiableList(
Arrays.asList(HttpMethod.GET.name(), HttpMethod.HEAD.name(), HttpMethod.POST.name()));
private static final List<String> DEFAULT_PERMIT_METHODS =
Collections.unmodifiableList(Arrays.asList(HttpMethod.GET.name(), HttpMethod.HEAD.name(), HttpMethod.POST.name()));
private static final List<String> DEFAULT_PERMIT_ALL = Collections.unmodifiableList(
Collections.singletonList(ALL));
@Nullable
@@ -322,22 +322,21 @@ public class CorsConfiguration {
return this.maxAge;
}
/**
* By default a newly created {@code CorsConfiguration} does not permit any
* cross-origin requests and must be configured explicitly to indicate what
* should be allowed.
*
* <p>Use this method to flip the initialization model to start with open
* defaults that permit all cross-origin requests for GET, HEAD, and POST
* requests. Note however that this method will not override any existing
* values already set.
*
* <p>The following defaults are applied if not already set:
* <ul>
* <li>Allow all origins.</li>
* <li>Allow "simple" methods {@code GET}, {@code HEAD} and {@code POST}.</li>
* <li>Allow all headers.</li>
* <li>Set max age to 1800 seconds (30 minutes).</li>
* <li>Allow all origins.</li>
* <li>Allow "simple" methods {@code GET}, {@code HEAD} and {@code POST}.</li>
* <li>Allow all headers.</li>
* <li>Set max age to 1800 seconds (30 minutes).</li>
* </ul>
*/
public CorsConfiguration applyPermitDefaultValues() {
@@ -361,23 +360,19 @@ public class CorsConfiguration {
/**
* Combine the non-null properties of the supplied
* {@code CorsConfiguration} with this one.
*
* <p>When combining single values like {@code allowCredentials} or
* {@code maxAge}, {@code this} properties are overridden by non-null
* {@code other} properties if any.
*
* <p>Combining lists like {@code allowedOrigins}, {@code allowedMethods},
* {@code allowedHeaders} or {@code exposedHeaders} is done in an additive
* way. For example, combining {@code ["GET", "POST"]} with
* {@code ["PATCH"]} results in {@code ["GET", "POST", "PATCH"]}, but keep
* in mind that combining {@code ["GET", "POST"]} with {@code ["*"]}
* results in {@code ["*"]}.
*
* <p>Notice that default permit values set by
* {@link CorsConfiguration#applyPermitDefaultValues()} are overridden by
* any value explicitly defined.
*
* @return the combined {@code CorsConfiguration} or {@code this}
* @return the combined {@code CorsConfiguration}, or {@code this}
* configuration if the supplied configuration is {@code null}
*/
@Nullable