Apache CXF API

org.apache.cxf.jaxrs.cors
Annotation Type CrossOriginResourceSharing


@Target(value={TYPE,METHOD})
@Retention(value=RUNTIME)
@Inherited
public @interface CrossOriginResourceSharing

Attach CORS information to a resource. This annotation is read by CrossOriginResourceSharingFilter. If this annotation is present on a method, or on the method's class (or its superclasses), then it completely overrides any parameters set in CrossOriginResourceSharingFilter. If a particular parameter of this annotation is not specified, then the default value is used, not the parameters of the filter. Note that the CORS specification censors the headers on a preflight OPTIONS request. As a result, the filter cannot determine exactly which method corresponds to the request, and so uses only class-level annotations to set policies.


Optional Element Summary
 boolean allowAllOrigins
          If true, this resource will return
 boolean allowAnyHeaders
          Act as if whatever headers are listed in the Access-Control-Request-Headers are listed in allowHeaders.
 boolean allowCredentials
          If true, this resource will return
 String[] allowHeaders
          A list of headers that the client may include in an actual request.
 String[] allowOrigins
          A list of permitted origins.
 String[] exposeHeaders
          A list of headers to return in Access-Control-Expose-Headers.
 boolean localPreflight
          Controls the implementation of preflight processing on an OPTIONS method.
 int maxAge
          The value to return in Access-Control-Max-Age.
 

allowAllOrigins

public abstract boolean allowAllOrigins
If true, this resource will return
Access-Control-Allow-Origin: *
for a valid request.

Default:
false

allowOrigins

public abstract String[] allowOrigins
A list of permitted origins. This is ignored if allowAllOrigins() is true.

Default:
{}

allowHeaders

public abstract String[] allowHeaders
A list of headers that the client may include in an actual request.

Default:
{}

allowAnyHeaders

public abstract boolean allowAnyHeaders
Act as if whatever headers are listed in the Access-Control-Request-Headers are listed in allowHeaders. Convenient for dealing with Browser bugs.

Default:
false

allowCredentials

public abstract boolean allowCredentials
If true, this resource will return
Access-Control-Allow-Credentials: true

Default:
false

exposeHeaders

public abstract String[] exposeHeaders
A list of headers to return in Access-Control-Expose-Headers.

Default:
{}

maxAge

public abstract int maxAge
The value to return in Access-Control-Max-Age. If this is negative, then no header is returned. The default value is -1.

Default:
-1

localPreflight

public abstract boolean localPreflight
Controls the implementation of preflight processing on an OPTIONS method. If the current method is OPTIONS, and this method wants to handle the preflight process for itself, set this value to true. In the default, false, case, the filter performs preflight processing.

Default:
false

Apache CXF API

Apache CXF