Example usage for com.google.common.net HttpHeaders ACCESS_CONTROL_ALLOW_HEADERS

List of usage examples for com.google.common.net HttpHeaders ACCESS_CONTROL_ALLOW_HEADERS

  1. HOME
  2. Java
  3. com.google.common
  4. com.google.common.net.*
  5. HttpHeaders
  6. ACCESS_CONTROL_ALLOW_HEADERS

Introduction

In this page you can find the example usage for com.google.common.net HttpHeaders ACCESS_CONTROL_ALLOW_HEADERS.

Prototype

String ACCESS_CONTROL_ALLOW_HEADERS

To view the source code for com.google.common.net HttpHeaders ACCESS_CONTROL_ALLOW_HEADERS.

Click Source Link

Document

The HTTP Access-Control-Allow-Headers header field name.

Usage

From source file:org.apache.aurora.scheduler.http.CorsFilter.java

@Override
public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        throws IOException, ServletException {

    response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, allowedOriginDomain);
    response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, ALLOWED_METHODS);
    response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, ALLOWED_HEADERS);

    chain.doFilter(request, response);//from w  ww  .  jav  a2 s  .c om
}

From source file:org.killbill.billing.server.filters.ResponseCorsFilter.java

@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws IOException, ServletException {
    final HttpServletResponse res = (HttpServletResponse) response;
    final HttpServletRequest req = (HttpServletRequest) request;

    final String origin = MoreObjects.firstNonNull(req.getHeader(HttpHeaders.ORIGIN), "*");
    res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
    res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, DELETE, PUT, OPTIONS");
    res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, allowedHeaders);
    res.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, allowedHeaders);
    res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
    chain.doFilter(request, response);/*from  w w  w. j a v a2s  .  co  m*/
}

From source file:com.iblsoft.iwxxm.webservice.ws.ValidationServlet.java

private void addCorsResponseHeaders(HttpServletResponse response) {
    if (!this.allowOriginHeader.isEmpty()) {
        response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, this.allowOriginHeader);
        response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST,OPTIONS");
        response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, HttpHeaders.CONTENT_TYPE);
    }/*from  w ww.  ja  v a2  s  .  com*/
}

From source file:net.opentsdb.tsd.RpcHandler.java

/**
 * Finds the right handler for an HTTP query and executes it.
 * Also handles simple and pre-flight CORS requests if configured, rejecting
 * requests that do not match a domain in the list.
 * @param chan The channel on which the query was received.
 * @param req The parsed HTTP request./*ww  w  . ja va2s.co  m*/
 */
private void handleHttpQuery(final TSDB tsdb, final Channel chan, final HttpRequest req) {
    http_rpcs_received.incrementAndGet();
    final HttpQuery query = new HttpQuery(tsdb, req, chan);
    if (!tsdb.getConfig().enable_chunked_requests() && req.isChunked()) {
        logError(query, "Received an unsupported chunked request: " + query.request());
        query.badRequest("Chunked request not supported.");
        return;
    }
    try {
        final String route = query.getQueryBaseRoute();
        query.setSerializer();

        final String domain = req.headers().get("Origin");

        // catch CORS requests and add the header or refuse them if the domain
        // list has been configured
        if (query.method() == HttpMethod.OPTIONS
                || (cors_domains != null && domain != null && !domain.isEmpty())) {
            if (cors_domains == null || domain == null || domain.isEmpty()) {
                throw new BadRequestException(HttpResponseStatus.METHOD_NOT_ALLOWED, "Method not allowed",
                        "The HTTP method [" + query.method().getName() + "] is not permitted");
            }

            if (cors_domains.contains("*") || cors_domains.contains(domain.toUpperCase())) {

                // when a domain has matched successfully, we need to add the header
                query.response().headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, domain);
                query.response().headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS,
                        "GET, POST, PUT, DELETE");
                query.response().headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, cors_headers);

                // if the method requested was for OPTIONS then we'll return an OK
                // here and no further processing is needed.
                if (query.method() == HttpMethod.OPTIONS) {
                    query.sendStatusOnly(HttpResponseStatus.OK);
                    return;
                }
            } else {
                // You'd think that they would want the server to return a 403 if
                // the Origin wasn't in the CORS domain list, but they want a 200
                // without the allow origin header. We'll return an error in the
                // body though.
                throw new BadRequestException(HttpResponseStatus.OK, "CORS domain not allowed",
                        "The domain [" + domain + "] is not permitted access");
            }
        }

        final HttpRpc rpc = http_commands.get(route);
        if (rpc != null) {
            rpc.execute(tsdb, query);
        } else {
            query.notFound();
        }
    } catch (BadRequestException ex) {
        query.badRequest(ex);
    } catch (Exception ex) {
        query.internalError(ex);
        exceptions_caught.incrementAndGet();
    }
}