|
|
|
|
@ -23,59 +23,71 @@ import java.lang.annotation.RetentionPolicy;
@@ -23,59 +23,71 @@ import java.lang.annotation.RetentionPolicy;
|
|
|
|
|
import java.lang.annotation.Target; |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Marks the annotated method as permitting cross origin requests. |
|
|
|
|
* By default, all origins and headers are permitted. |
|
|
|
|
* Marks the annotated method or type as permitting cross origin requests. |
|
|
|
|
* |
|
|
|
|
* <p>By default, all origins and headers are permitted. |
|
|
|
|
* |
|
|
|
|
* @author Russell Allen |
|
|
|
|
* @author Sebastien Deleuze |
|
|
|
|
* @author Sam Brannen |
|
|
|
|
* @since 4.2 |
|
|
|
|
*/ |
|
|
|
|
@Target({ElementType.METHOD, ElementType.TYPE}) |
|
|
|
|
@Target({ ElementType.METHOD, ElementType.TYPE }) |
|
|
|
|
@Retention(RetentionPolicy.RUNTIME) |
|
|
|
|
@Documented |
|
|
|
|
public @interface CrossOrigin { |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* List of allowed origins. {@code "*"} means that all origins are allowed. These values |
|
|
|
|
* are placed in the {@code Access-Control-Allow-Origin} header of both the pre-flight |
|
|
|
|
* and actual responses. Default value is <b>"*"</b>. |
|
|
|
|
* List of allowed origins. |
|
|
|
|
* <p>These values are placed in the {@code Access-Control-Allow-Origin} |
|
|
|
|
* header of both the pre-flight response and the actual response. |
|
|
|
|
* <p>Defaults to {@code "*"} which means that all origins are allowed. |
|
|
|
|
*/ |
|
|
|
|
String[] origin() default {"*"}; |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Indicates which request headers can be used during the actual request. {@code "*"} means |
|
|
|
|
* that all headers asked by the client are allowed. This property controls the value of |
|
|
|
|
* pre-flight response's {@code Access-Control-Allow-Headers} header. Default value is |
|
|
|
|
* <b>"*"</b>. |
|
|
|
|
* List of request headers that can be used during the actual request. |
|
|
|
|
* <p>This property controls the value of the pre-flight response's |
|
|
|
|
* {@code Access-Control-Allow-Headers} header. |
|
|
|
|
* <p>Defaults to {@code "*"} which means that all headers requested |
|
|
|
|
* by the client are allowed. |
|
|
|
|
*/ |
|
|
|
|
String[] allowedHeaders() default {"*"}; |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* List of response headers that the user-agent will allow the client to access. This property |
|
|
|
|
* controls the value of actual response's {@code Access-Control-Expose-Headers} header. |
|
|
|
|
* List of response headers that the user-agent will allow the client to access. |
|
|
|
|
* <p>This property controls the value of actual response's |
|
|
|
|
* {@code Access-Control-Expose-Headers} header. |
|
|
|
|
* <p>Defaults to an empty array. |
|
|
|
|
*/ |
|
|
|
|
String[] exposedHeaders() default {}; |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* The HTTP request methods to allow: GET, POST, HEAD, OPTIONS, PUT, PATCH, DELETE, TRACE. |
|
|
|
|
* Methods specified here overrides {@code RequestMapping} ones. |
|
|
|
|
* List of supported HTTP request methods. |
|
|
|
|
* <p>Methods specified here override those specified via {@code RequestMapping}. |
|
|
|
|
* <p>Defaults to an empty array. |
|
|
|
|
*/ |
|
|
|
|
RequestMethod[] method() default {}; |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Set to {@code "true"} if the the browser should include any cookies associated to the domain |
|
|
|
|
* of the request being annotated, or "false" if it should not. Empty string "" means undefined. |
|
|
|
|
* If true, the pre-flight response will include the header |
|
|
|
|
* {@code Access-Control-Allow-Credentials=true}. Default value is <b>"true"</b>. |
|
|
|
|
* Whether the browser should include any cookies associated with the |
|
|
|
|
* domain of the request being annotated. |
|
|
|
|
* <p>Set to {@code "false"} if such cookies should not included. |
|
|
|
|
* <p>An empty string ({@code ""}) means <em>undefined</em>. |
|
|
|
|
* <p>Defaults to {@code "true"} which means that the pre-flight |
|
|
|
|
* response will include the header |
|
|
|
|
* {@code Access-Control-Allow-Credentials=true}. |
|
|
|
|
*/ |
|
|
|
|
String allowCredentials() default "true"; |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Controls the cache duration for pre-flight responses. Setting this to a reasonable |
|
|
|
|
* value can reduce the number of pre-flight request/response interaction required by |
|
|
|
|
* the browser. This property controls the value of the {@code Access-Control-Max-Age header} |
|
|
|
|
* in the pre-flight response. Value set to -1 means undefined. Default value is |
|
|
|
|
* <b>1800</b> seconds, or 30 minutes. |
|
|
|
|
* The maximum age (in seconds) of the cache duration for pre-flight responses. |
|
|
|
|
* <p>This property controls the value of the {@code Access-Control-Max-Age} |
|
|
|
|
* header in the pre-flight response. |
|
|
|
|
* <p>A value of {@code -1} means <em>undefined</em>. |
|
|
|
|
* <p>Setting this to a reasonable value can reduce the number of pre-flight |
|
|
|
|
* request/response interactions required by the browser. |
|
|
|
|
* <p>Defaults to {@code 1800} seconds (i.e., 30 minutes). |
|
|
|
|
*/ |
|
|
|
|
long maxAge() default 1800; |
|
|
|
|
|
|
|
|
|
|
Sam Brannen
10 years ago