List of usage examples for com.google.common.net HttpHeaders ACCESS_CONTROL_ALLOW_METHODS
String ACCESS_CONTROL_ALLOW_METHODS
To view the source code for com.google.common.net HttpHeaders ACCESS_CONTROL_ALLOW_METHODS.
Click Source Link
From source file:org.apache.aurora.scheduler.http.CorsFilter.java
@Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, allowedOriginDomain); response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, ALLOWED_METHODS); response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, ALLOWED_HEADERS); chain.doFilter(request, response);// w w w .ja v a2 s . c o m }
From source file:org.killbill.billing.server.filters.ResponseCorsFilter.java
@Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { final HttpServletResponse res = (HttpServletResponse) response; final HttpServletRequest req = (HttpServletRequest) request; final String origin = MoreObjects.firstNonNull(req.getHeader(HttpHeaders.ORIGIN), "*"); res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin); res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, DELETE, PUT, OPTIONS"); res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, allowedHeaders); res.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, allowedHeaders); res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); chain.doFilter(request, response);//w w w . ja v a 2 s . c om }
From source file:com.iblsoft.iwxxm.webservice.ws.ValidationServlet.java
private void addCorsResponseHeaders(HttpServletResponse response) { if (!this.allowOriginHeader.isEmpty()) { response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, this.allowOriginHeader); response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST,OPTIONS"); response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, HttpHeaders.CONTENT_TYPE); }// www. ja v a 2 s .com }
From source file:net.opentsdb.tsd.RpcHandler.java
/** * Finds the right handler for an HTTP query and executes it. * Also handles simple and pre-flight CORS requests if configured, rejecting * requests that do not match a domain in the list. * @param chan The channel on which the query was received. * @param req The parsed HTTP request./*from w ww. j a va2s . com*/ */ private void handleHttpQuery(final TSDB tsdb, final Channel chan, final HttpRequest req) { http_rpcs_received.incrementAndGet(); final HttpQuery query = new HttpQuery(tsdb, req, chan); if (!tsdb.getConfig().enable_chunked_requests() && req.isChunked()) { logError(query, "Received an unsupported chunked request: " + query.request()); query.badRequest("Chunked request not supported."); return; } try { final String route = query.getQueryBaseRoute(); query.setSerializer(); final String domain = req.headers().get("Origin"); // catch CORS requests and add the header or refuse them if the domain // list has been configured if (query.method() == HttpMethod.OPTIONS || (cors_domains != null && domain != null && !domain.isEmpty())) { if (cors_domains == null || domain == null || domain.isEmpty()) { throw new BadRequestException(HttpResponseStatus.METHOD_NOT_ALLOWED, "Method not allowed", "The HTTP method [" + query.method().getName() + "] is not permitted"); } if (cors_domains.contains("*") || cors_domains.contains(domain.toUpperCase())) { // when a domain has matched successfully, we need to add the header query.response().headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, domain); query.response().headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, DELETE"); query.response().headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, cors_headers); // if the method requested was for OPTIONS then we'll return an OK // here and no further processing is needed. if (query.method() == HttpMethod.OPTIONS) { query.sendStatusOnly(HttpResponseStatus.OK); return; } } else { // You'd think that they would want the server to return a 403 if // the Origin wasn't in the CORS domain list, but they want a 200 // without the allow origin header. We'll return an error in the // body though. throw new BadRequestException(HttpResponseStatus.OK, "CORS domain not allowed", "The domain [" + domain + "] is not permitted access"); } } final HttpRpc rpc = http_commands.get(route); if (rpc != null) { rpc.execute(tsdb, query); } else { query.notFound(); } } catch (BadRequestException ex) { query.badRequest(ex); } catch (Exception ex) { query.internalError(ex); exceptions_caught.incrementAndGet(); } }