List of usage examples for com.google.common.net HttpHeaders ACCESS_CONTROL_ALLOW_ORIGIN
String ACCESS_CONTROL_ALLOW_ORIGIN
To view the source code for com.google.common.net HttpHeaders ACCESS_CONTROL_ALLOW_ORIGIN.
Click Source Link
From source file:org.apache.aurora.scheduler.http.CorsFilter.java
@Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, allowedOriginDomain); response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, ALLOWED_METHODS); response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, ALLOWED_HEADERS); chain.doFilter(request, response);/* w ww . jav a 2s. c o m*/ }
From source file:org.killbill.billing.server.filters.ResponseCorsFilter.java
@Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { final HttpServletResponse res = (HttpServletResponse) response; final HttpServletRequest req = (HttpServletRequest) request; final String origin = MoreObjects.firstNonNull(req.getHeader(HttpHeaders.ORIGIN), "*"); res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin); res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, DELETE, PUT, OPTIONS"); res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, allowedHeaders); res.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, allowedHeaders); res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); chain.doFilter(request, response);/*from w w w. j av a 2s .c o m*/ }
From source file:com.iblsoft.iwxxm.webservice.ws.ValidationServlet.java
private void addCorsResponseHeaders(HttpServletResponse response) { if (!this.allowOriginHeader.isEmpty()) { response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, this.allowOriginHeader); response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST,OPTIONS"); response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, HttpHeaders.CONTENT_TYPE); }//w ww .jav a 2 s . c o m }
From source file:org.ambraproject.wombat.controller.StaticResourceController.java
@RequestMapping(name = "staticResource", value = "/" + AssetUrls.RESOURCE_NAMESPACE + "/**") public void serveResource(HttpServletRequest request, HttpServletResponse response, HttpSession session, @SiteParam Site site) throws IOException { Theme theme = site.getTheme();//from www .jav a 2 s . co m // Kludge to get "resource/**" String servletPath = request.getRequestURI(); String filePath = pathFrom(servletPath, AssetUrls.RESOURCE_NAMESPACE); if (filePath.length() <= AssetUrls.RESOURCE_NAMESPACE.length() + 1) { throw new NotFoundException(); // in case of a request to "resource/" root } if (corsEnabled(site, filePath)) { response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*"); } response.setContentType(session.getServletContext().getMimeType(servletPath)); if (filePath.startsWith(COMPILED_NAMESPACE)) { serveCompiledAsset(filePath, request, response); } else { serveFile(filePath, request, response, theme); } }
From source file:net.opentsdb.tsd.RpcHandler.java
/** * Finds the right handler for an HTTP query and executes it. * Also handles simple and pre-flight CORS requests if configured, rejecting * requests that do not match a domain in the list. * @param chan The channel on which the query was received. * @param req The parsed HTTP request./*from w ww .ja v a 2 s . c o m*/ */ private void handleHttpQuery(final TSDB tsdb, final Channel chan, final HttpRequest req) { http_rpcs_received.incrementAndGet(); final HttpQuery query = new HttpQuery(tsdb, req, chan); if (!tsdb.getConfig().enable_chunked_requests() && req.isChunked()) { logError(query, "Received an unsupported chunked request: " + query.request()); query.badRequest("Chunked request not supported."); return; } try { final String route = query.getQueryBaseRoute(); query.setSerializer(); final String domain = req.headers().get("Origin"); // catch CORS requests and add the header or refuse them if the domain // list has been configured if (query.method() == HttpMethod.OPTIONS || (cors_domains != null && domain != null && !domain.isEmpty())) { if (cors_domains == null || domain == null || domain.isEmpty()) { throw new BadRequestException(HttpResponseStatus.METHOD_NOT_ALLOWED, "Method not allowed", "The HTTP method [" + query.method().getName() + "] is not permitted"); } if (cors_domains.contains("*") || cors_domains.contains(domain.toUpperCase())) { // when a domain has matched successfully, we need to add the header query.response().headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, domain); query.response().headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, DELETE"); query.response().headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, cors_headers); // if the method requested was for OPTIONS then we'll return an OK // here and no further processing is needed. if (query.method() == HttpMethod.OPTIONS) { query.sendStatusOnly(HttpResponseStatus.OK); return; } } else { // You'd think that they would want the server to return a 403 if // the Origin wasn't in the CORS domain list, but they want a 200 // without the allow origin header. We'll return an error in the // body though. throw new BadRequestException(HttpResponseStatus.OK, "CORS domain not allowed", "The domain [" + domain + "] is not permitted access"); } } final HttpRpc rpc = http_commands.get(route); if (rpc != null) { rpc.execute(tsdb, query); } else { query.notFound(); } } catch (BadRequestException ex) { query.badRequest(ex); } catch (Exception ex) { query.internalError(ex); exceptions_caught.incrementAndGet(); } }