Better encapsulation for CORS default permit configuration
This commit also improves CorsRegistration Javadoc. Issue: SPR-14798
This commit is contained in:
committed by
Rossen Stoyanchev
parent
25e7cd577d
commit
50f2cda009
@@ -23,11 +23,13 @@ import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
import org.springframework.core.annotation.AliasFor;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
|
||||
/**
|
||||
* Marks the annotated method or type as permitting cross origin requests.
|
||||
*
|
||||
* <p>By default, all origins and headers are permitted.
|
||||
* <p>By default, all origins, headers are permitted, credentials are allowed and the
|
||||
* maximum age is set to 30 minutes.
|
||||
*
|
||||
* <p><b>NOTE:</b> {@code @CrossOrigin} is processed if an appropriate
|
||||
* {@code HandlerMapping}-{@code HandlerAdapter} pair is configured such as the
|
||||
@@ -44,12 +46,28 @@ import org.springframework.core.annotation.AliasFor;
|
||||
@Documented
|
||||
public @interface CrossOrigin {
|
||||
|
||||
/**
|
||||
* @deprecated as of Spring 5.0, in favor of using {@link CorsConfiguration#applyDefaultPermitConfiguration}
|
||||
*/
|
||||
@Deprecated
|
||||
String[] DEFAULT_ORIGINS = { "*" };
|
||||
|
||||
/**
|
||||
* @deprecated as of Spring 5.0, in favor of using {@link CorsConfiguration#applyDefaultPermitConfiguration}
|
||||
*/
|
||||
@Deprecated
|
||||
String[] DEFAULT_ALLOWED_HEADERS = { "*" };
|
||||
|
||||
/**
|
||||
* @deprecated as of Spring 5.0, in favor of using {@link CorsConfiguration#applyDefaultPermitConfiguration}
|
||||
*/
|
||||
@Deprecated
|
||||
boolean DEFAULT_ALLOW_CREDENTIALS = true;
|
||||
|
||||
/**
|
||||
* @deprecated as of Spring 5.0, in favor of using {@link CorsConfiguration#applyDefaultPermitConfiguration}
|
||||
*/
|
||||
@Deprecated
|
||||
long DEFAULT_MAX_AGE = 1800;
|
||||
|
||||
|
||||
|
||||
@@ -17,6 +17,7 @@
|
||||
package org.springframework.web.cors;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.List;
|
||||
@@ -71,7 +72,9 @@ public class CorsConfiguration {
|
||||
|
||||
|
||||
/**
|
||||
* Construct a new, empty {@code CorsConfiguration} instance.
|
||||
* Construct a new {@code CorsConfiguration} instance with nothing allowed by default
|
||||
* but {@code "GET"} and {@code "HEAD"} methods.
|
||||
* @see #applyDefaultPermitConfiguration()
|
||||
*/
|
||||
public CorsConfiguration() {
|
||||
}
|
||||
@@ -90,6 +93,36 @@ public class CorsConfiguration {
|
||||
this.maxAge = other.maxAge;
|
||||
}
|
||||
|
||||
/**
|
||||
* Apply the following default permit configuration only for properties that has not
|
||||
* been defined:
|
||||
* <ul>
|
||||
* <li>All origins are allowed</li>
|
||||
* <li>Simple methods ({@code GET}, {@code HEAD} and {@code POST}) are allowed</li>
|
||||
* <li>All headers are allowed</li>
|
||||
* <li>Credentials are allowed</li>
|
||||
* <li>Max age is set to 1800 seconds (30 minutes)</li>
|
||||
* </ul>
|
||||
*/
|
||||
public CorsConfiguration applyDefaultPermitConfiguration() {
|
||||
if (this.allowedOrigins == null) {
|
||||
this.addAllowedOrigin(ALL);
|
||||
}
|
||||
if (this.allowedMethods == null) {
|
||||
this.setAllowedMethods(Arrays.asList(HttpMethod.GET.name(),
|
||||
HttpMethod.HEAD.name(), HttpMethod.POST.name()));
|
||||
}
|
||||
if (this.allowedHeaders == null) {
|
||||
this.addAllowedHeader(ALL);
|
||||
}
|
||||
if (this.allowCredentials == null) {
|
||||
this.setAllowCredentials(true);
|
||||
}
|
||||
if (this.maxAge == null) {
|
||||
this.setMaxAge(1800L);
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Combine the supplied {@code CorsConfiguration} with this one.
|
||||
|
||||
Reference in New Issue
Block a user