diff --git a/commons/src/main/java/org/restheart/exchange/CORSHeaders.java b/commons/src/main/java/org/restheart/exchange/CORSHeaders.java index a0227f12a..97d53667a 100644 --- a/commons/src/main/java/org/restheart/exchange/CORSHeaders.java +++ b/commons/src/main/java/org/restheart/exchange/CORSHeaders.java 
@@ -19,83 +19,88 @@ */ package org.restheart.exchange; -import io.undertow.util.HttpString; +import static com.google.common.net.HttpHeaders.X_POWERED_BY; +import static io.undertow.util.Headers.ETAG; import static io.undertow.util.Headers.LOCATION_STRING; import static io.undertow.util.Headers.ORIGIN; -import static io.undertow.util.Headers.ETAG; import static org.restheart.plugins.security.TokenManager.AUTH_TOKEN_HEADER; import static org.restheart.plugins.security.TokenManager.AUTH_TOKEN_LOCATION_HEADER; import static org.restheart.plugins.security.TokenManager.AUTH_TOKEN_VALID_HEADER; -import static com.google.common.net.HttpHeaders.X_POWERED_BY; + +import io.undertow.util.HttpString; /** * * @author Andrea Di Cesare {@literal } * - * Defines the CORS headers to be added to the response + * Defines the CORS headers to be added to the response */ public interface CORSHeaders { - public static final HttpString ACCESS_CONTROL_EXPOSE_HEADERS = HttpString.tryFromString("Access-Control-Expose-Headers"); - public static final HttpString ACCESS_CONTROL_ALLOW_CREDENTIAL = HttpString.tryFromString("Access-Control-Allow-Credentials"); - public static final HttpString ACCESS_CONTROL_ALLOW_ORIGIN = HttpString.tryFromString("Access-Control-Allow-Origin"); - public static final HttpString ACCESS_CONTROL_ALLOW_METHODS = HttpString.tryFromString("Access-Control-Allow-Methods"); - public static final HttpString ACCESS_CONTROL_ALLOW_HEADERS = HttpString.tryFromString("Access-Control-Allow-Headers"); + public static final HttpString ACCESS_CONTROL_EXPOSE_HEADERS = HttpString + .tryFromString("Access-Control-Expose-Headers"); + public static final HttpString ACCESS_CONTROL_ALLOW_CREDENTIAL = HttpString + .tryFromString("Access-Control-Allow-Credentials"); + public static final HttpString ACCESS_CONTROL_ALLOW_ORIGIN = HttpString + .tryFromString("Access-Control-Allow-Origin"); + public static final HttpString ACCESS_CONTROL_ALLOW_METHODS = HttpString + 
.tryFromString("Access-Control-Allow-Methods"); + public static final HttpString ACCESS_CONTROL_ALLOW_HEADERS = HttpString + .tryFromString("Access-Control-Allow-Headers"); - public static final String DEFALUT_ACCESS_CONTROL_EXPOSE_HEADERS = - LOCATION_STRING - + ", " + ETAG.toString() - + ", " + AUTH_TOKEN_HEADER.toString() - + ", " + AUTH_TOKEN_VALID_HEADER.toString() - + ", " + AUTH_TOKEN_LOCATION_HEADER.toString() - + ", " + X_POWERED_BY; + public static final String DEFAULT_ACCESS_CONTROL_EXPOSE_HEADERS = LOCATION_STRING + + ", " + ETAG.toString() + + ", " + AUTH_TOKEN_HEADER.toString() + + ", " + AUTH_TOKEN_VALID_HEADER.toString() + + ", " + AUTH_TOKEN_LOCATION_HEADER.toString() + + ", " + X_POWERED_BY; /** - * @return the values of the Access-Control-Expose-Headers - */ + * @return the values of the Access-Control-Expose-Headers + */ default String accessControlExposeHeaders(Request r) { - return DEFALUT_ACCESS_CONTROL_EXPOSE_HEADERS; + return DEFAULT_ACCESS_CONTROL_EXPOSE_HEADERS; } - public static final String DEFALUT_ACCESS_CONTROL_ALLOW_CREDENTIALS = "true"; + public static final String DEFAULT_ACCESS_CONTROL_ALLOW_CREDENTIALS = "true"; /** - * @return the values of the Access-Control-Allow-Credentials - */ + * @return the values of the Access-Control-Allow-Credentials + */ default String accessControlAllowCredentials(Request r) { - return DEFALUT_ACCESS_CONTROL_ALLOW_CREDENTIALS; + return DEFAULT_ACCESS_CONTROL_ALLOW_CREDENTIALS; } - public static final String DEFALUT_ACCESS_CONTROL_ALLOW_ORIGIN = "*"; + public static final String DEFAULT_ACCESS_CONTROL_ALLOW_ORIGIN = "*"; /** - * @return the values of the Access-Control-Allow-Origin - */ + * @return the values of the Access-Control-Allow-Origin + */ default String accessControlAllowOrigin(Request r) { var requestHeaders = r.getHeaders(); if (requestHeaders.contains(ORIGIN)) { return requestHeaders.get(ORIGIN).getFirst().toString(); } else { - return DEFALUT_ACCESS_CONTROL_ALLOW_ORIGIN; + return 
DEFAULT_ACCESS_CONTROL_ALLOW_ORIGIN; } } - public static final String DEFALUT_ACCESS_CONTROL_ALLOW_METHODS = "GET, PUT, POST, PATCH, DELETE, OPTIONS"; + public static final String DEFAULT_ACCESS_CONTROL_ALLOW_METHODS = "GET, PUT, POST, PATCH, DELETE, OPTIONS"; /** - * @return the values of the Access-Control-Allow-Methods - */ + * @return the values of the Access-Control-Allow-Methods + */ default String accessControlAllowMethods(Request r) { - return DEFALUT_ACCESS_CONTROL_ALLOW_METHODS; + return DEFAULT_ACCESS_CONTROL_ALLOW_METHODS; } - public static final String DEFALUT_ACCESS_CONTROL_ALLOW_HEADERS = "Accept, Accept-Encoding, Authorization, " - + "Content-Length, Content-Type, Host, If-Match, " - + "Origin, X-Requested-With, User-Agent, No-Auth-Challenge"; + public static final String DEFAULT_ACCESS_CONTROL_ALLOW_HEADERS = "Accept, Accept-Encoding, Authorization, " + + "Content-Length, Content-Type, Host, If-Match, " + + "Origin, X-Requested-With, User-Agent, No-Auth-Challenge"; /** - * @return the values of the Access-Control-Allow-Methods - */ + * @return the values of the Access-Control-Allow-Methods + */ default String accessControlAllowHeaders(Request r) { - return DEFALUT_ACCESS_CONTROL_ALLOW_HEADERS; + return DEFAULT_ACCESS_CONTROL_ALLOW_HEADERS; } } \ No newline at end of file
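Review bot: `accessControlAllowOrigin` still echoes whatever `Origin` header the request carries while `DEFAULT_ACCESS_CONTROL_ALLOW_CREDENTIALS` is `"true"`, so with these defaults any origin is granted credentialed cross-origin access; the rename leaves that pairing untouched. If the reflection is intentional, the Javadoc should say so, e.g. `@return the request's Origin value when present, otherwise "*"; override to return only allow-listed origins when credentials are allowed`. A response that varies by origin should presumably also carry `Vary: Origin`, although how these values are written to the response is not visible in this hunk. The Javadoc on `accessControlAllowHeaders` still reads `Access-Control-Allow-Methods` and should read `Access-Control-Allow-Headers`. Because the `DEFALUT_*` constants were public, keeping them as `@Deprecated` aliases of the new names would avoid breaking existing implementers.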