Class CrossOriginFilter

All Implemented Interfaces:

public class CrossOriginFilter extends Object implements javax.servlet.Filter

Implementation of the cross-origin resource sharing.

A typical example is to use this filter to allow cross-domain cometd communication using the standard long polling transport instead of the JSONP transport (that is less efficient and less reactive to failures).

This filter allows the following configuration parameters:

  • allowedOrigins, a comma separated list of origins that are allowed to access the resources. Default value is *, meaning all origins.
    If an allowed origin contains one or more * characters (for example http://*, then "*" characters are converted to ".*", "." characters are escaped to "\." and the resulting allowed origin interpreted as a regular expression.
    Allowed origins can therefore be more complex expressions such as https?://*.domain.[a-z]{3} that matches http or https, multiple subdomains and any 3 letter top-level domain (.com, .net, .org, etc.).
  • allowedMethods, a comma separated list of HTTP methods that are allowed to be used when accessing the resources. Default value is GET,POST,HEAD
  • allowedHeaders, a comma separated list of HTTP headers that are allowed to be specified when accessing the resources. Default value is X-Requested-With,Content-Type,Accept,Origin
  • preflightMaxAge, the number of seconds that preflight requests can be cached by the client. Default value is 1800 seconds, or 30 minutes
  • allowCredentials, a boolean indicating if the resource allows requests with credentials. Default value is false
  • exposeHeaders, a comma separated list of HTTP headers that are allowed to be exposed on the client. Default value is the empty list
  • chainPreflight, if true preflight requests are chained to their target resource for normal handling (as an OPTION request). Otherwise the filter will response to the preflight. Default is true.

A typical configuration could be:

 <web-app ...>
  • Field Details

  • Constructor Details

    • CrossOriginFilter

      public CrossOriginFilter()
  • Method Details

    • init

      public void init(javax.servlet.FilterConfig config) throws javax.servlet.ServletException
      Specified by:
      init in interface javax.servlet.Filter
    • doFilter

      public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
      Specified by:
      doFilter in interface javax.servlet.Filter
    • destroy

      public void destroy()
      Specified by:
      destroy in interface javax.servlet.Filter