CorsDefaults (Atlassian REST - Parent POM 2.8.5 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.plugins.rest.common.security.descriptor
Interface CorsDefaults

public interface CorsDefaults

Defaults to apply for Cross-Origin Resource Sharing when the com.atlassian.plugins.rest.common.security.AllowCors annotation is used.

Since:: 2.6

Method Summary
`boolean`	`allowsCredentials(java.lang.String uri)` Given an origin which has already passed an `allowsOrigin(String)` check, tests that origin to determine if it is whitelisted for making a credentialed CORS request, on behalf of a specific user.
`boolean`	`allowsOrigin(java.lang.String uri)` Tests the provided origin to determine if it is whitelisted for making non-credentialed CORS requests.
`java.util.Set<java.lang.String>`	`getAllowedRequestHeaders(java.lang.String uri)` For the provided origin, returns a set of HTTP headers which the browser may include when making a request.
`java.util.Set<java.lang.String>`	`getAllowedResponseHeaders(java.lang.String uri)` For the provided origin, returns a set of HTTP headers which the browser's CORS support can forward on to the underlying request.

Method Detail

allowsCredentials

boolean allowsCredentials(java.lang.String uri)
                          throws java.lang.IllegalArgumentException

Given an origin which has already passed an allowsOrigin(String) check, tests that origin to determine if it is whitelisted for making a credentialed CORS request, on behalf of a specific user.

Parameters:: uri - The origin that has already been allowed. Will never be null
Returns:: True if the origin allows origin requests that contain credentials such as cookies or HTTP auth
Throws:: java.lang.IllegalArgumentException - Thrown if the uri is not a valid origin or is null.

allowsOrigin

boolean allowsOrigin(java.lang.String uri)
                     throws java.lang.IllegalArgumentException

Tests the provided origin to determine if it is whitelisted for making non-credentialed CORS requests.

Parameters:: uri - The origin. Will never be null
Returns:: True if the origin provided matches any values in the whitelist
Throws:: java.lang.IllegalArgumentException - Thrown if the uri is not a valid URL or is null.

getAllowedRequestHeaders

java.util.Set<java.lang.String> getAllowedRequestHeaders(java.lang.String uri)
                                                         throws java.lang.IllegalArgumentException

For the provided origin, returns a set of HTTP headers which the browser may include when making a request. These headers are only relevant for a CORS preflight check, which is made for non-simple HTTP requests.

Parameters:: uri - the origin that has already been allowed. Will never be null
Returns:: set of allowed non-simple (see spec) HTTP headers. Must not be null
Throws:: java.lang.IllegalArgumentException - Thrown if the uri is not a valid origin or is null.
See Also:: CorsHeaders.ACCESS_CONTROL_ALLOW_HEADERS

getAllowedResponseHeaders

java.util.Set<java.lang.String> getAllowedResponseHeaders(java.lang.String uri)
                                                          throws java.lang.IllegalArgumentException

For the provided origin, returns a set of HTTP headers which the browser's CORS support can forward on to the underlying request. For resources accessed via CORS which have non-simple headers they return, only those headers which are allowed this set will actually be exposed by the browser after the request completes. These headers are only relevant for simple HTTP requests, which do not require a CORS preflight check.

Parameters:: uri - the origin that has already been allowed. Will never be null
Returns:: set of allowed simple (see spec) HTTP headers. Must not be null
Throws:: java.lang.IllegalArgumentException - Thrown if the uri is not a valid origin or is null.
See Also:: CorsHeaders.ACCESS_CONTROL_EXPOSE_HEADERS