Class CrossOriginFilter

  • All Implemented Interfaces:
    javax.servlet.Filter

    public class CrossOriginFilter
    extends java.lang.Object
    implements javax.servlet.Filter

    Implementation of cross-origin resource sharing (CORS).

    A typical example is to use this filter to allow cross-domain CometD communication using the standard long polling transport instead of the JSONP transport (which is less efficient and less reactive to failures).

    This filter allows the following configuration parameters:

    • allowedOrigins, a comma separated list of origins that are allowed to access the resources. Default value is *, meaning all origins.
      If an allowed origin contains one or more * characters (for example http://*.domain.com), then "*" characters are converted to ".*", "." characters are escaped to "\." and the resulting allowed origin is interpreted as a regular expression.
      Allowed origins can therefore be more complex expressions such as https?://*.domain.[a-z]{3}, which matches http or https, multiple subdomains and any 3-letter top-level domain (.com, .net, .org, etc.).
    • allowedMethods, a comma separated list of HTTP methods that are allowed to be used when accessing the resources. Default value is GET,POST,HEAD
    • allowedHeaders, a comma separated list of HTTP headers that are allowed to be specified when accessing the resources. Default value is X-Requested-With,Content-Type,Accept,Origin
    • preflightMaxAge, the number of seconds that preflight requests can be cached by the client. Default value is 1800 seconds, or 30 minutes
    • allowCredentials, a boolean indicating if the resource allows requests with credentials. Default value is false
    • exposeHeaders, a comma separated list of HTTP headers that are allowed to be exposed on the client. Default value is the empty list
    • chainPreflight, if true, preflight requests are chained to their target resource for normal handling (as an OPTIONS request). Otherwise the filter will respond to the preflight itself. Default is true.
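
    The wildcard conversion described for allowedOrigins, as an added example (not Jetty's own code) for checking which Origin values a configured entry admits before deploying it. The class name, the sample Origin values and the full-string match are assumptions.

```java
import java.util.regex.Pattern;

public class AllowedOriginCheck {
    // Conversion as the documentation describes it: escape "." first, then
    // turn "*" into ".*". Every other character reaches the regex engine as-is.
    static Pattern toPattern(String allowedOrigin) {
        return Pattern.compile(allowedOrigin.replace(".", "\\.").replace("*", ".*"));
    }

    // Assumption: the whole Origin value must match (matches(), not find()),
    // and an entry without "*" is compared as a plain string.
    static boolean isAllowed(String allowedOrigin, String origin) {
        if (!allowedOrigin.contains("*")) {
            return allowedOrigin.equals(origin);
        }
        return toPattern(allowedOrigin).matcher(origin).matches();
    }

    public static void main(String[] args) {
        // The two wildcard entries used as examples in the documentation.
        String[] entries = {"http://*.domain.com", "https?://*.domain.[a-z]{3}"};
        // Constructed Origin header values, chosen to probe each entry's edges.
        String[] origins = {
            "http://www.domain.com",       // intended subdomain
            "http://a.b.domain.com",       // nested subdomains: ".*" spans dots
            "http://domain.com",           // bare domain: no "." before "domain"
            "http://www.domain.com:8080",  // explicit port is part of the origin
            "https://www.domain.com",      // other scheme
            "https://www.domain.xyz",      // different registrable domain, 3-letter TLD
            "https://www.domain.co.uk"     // TLD that is not exactly 3 letters
        };
        for (String entry : entries) {
            System.out.println(entry + "  =>  " + toPattern(entry).pattern());
            for (String origin : origins) {
                System.out.printf("  %-28s %s%n", origin,
                        isAllowed(entry, origin) ? "allowed" : "rejected");
            }
        }
    }
}
```

    The second entry admits https://www.domain.xyz, which is a different registrable domain, so list the exact top-level domains when only some of them are under your control.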

    A typical configuration could be:

     <web-app ...>
         ...
         <filter>
             <filter-name>cross-origin</filter-name>
             <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
         </filter>
         <filter-mapping>
             <filter-name>cross-origin</filter-name>
             <url-pattern>/cometd/*</url-pattern>
         </filter-mapping>
         ...
     </web-app>
     

    • Field Detail

      • ACCESS_CONTROL_REQUEST_METHOD_HEADER

        public static final java.lang.String ACCESS_CONTROL_REQUEST_METHOD_HEADER
        See Also:
        Constant Field Values
      • ACCESS_CONTROL_REQUEST_HEADERS_HEADER

        public static final java.lang.String ACCESS_CONTROL_REQUEST_HEADERS_HEADER
        See Also:
        Constant Field Values
      • ACCESS_CONTROL_ALLOW_ORIGIN_HEADER

        public static final java.lang.String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER
        See Also:
        Constant Field Values
      • ACCESS_CONTROL_ALLOW_METHODS_HEADER

        public static final java.lang.String ACCESS_CONTROL_ALLOW_METHODS_HEADER
        See Also:
        Constant Field Values
      • ACCESS_CONTROL_ALLOW_HEADERS_HEADER

        public static final java.lang.String ACCESS_CONTROL_ALLOW_HEADERS_HEADER
        See Also:
        Constant Field Values
      • ACCESS_CONTROL_MAX_AGE_HEADER

        public static final java.lang.String ACCESS_CONTROL_MAX_AGE_HEADER
        See Also:
        Constant Field Values
      • ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER

        public static final java.lang.String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER
        See Also:
        Constant Field Values
      • ACCESS_CONTROL_EXPOSE_HEADERS_HEADER

        public static final java.lang.String ACCESS_CONTROL_EXPOSE_HEADERS_HEADER
        See Also:
        Constant Field Values
      • ALLOWED_ORIGINS_PARAM

        public static final java.lang.String ALLOWED_ORIGINS_PARAM
        See Also:
        Constant Field Values
      • ALLOWED_METHODS_PARAM

        public static final java.lang.String ALLOWED_METHODS_PARAM
        See Also:
        Constant Field Values
      • ALLOWED_HEADERS_PARAM

        public static final java.lang.String ALLOWED_HEADERS_PARAM
        See Also:
        Constant Field Values
      • PREFLIGHT_MAX_AGE_PARAM

        public static final java.lang.String PREFLIGHT_MAX_AGE_PARAM
        See Also:
        Constant Field Values
      • ALLOW_CREDENTIALS_PARAM

        public static final java.lang.String ALLOW_CREDENTIALS_PARAM
        See Also:
        Constant Field Values
      • EXPOSED_HEADERS_PARAM

        public static final java.lang.String EXPOSED_HEADERS_PARAM
        See Also:
        Constant Field Values
      • OLD_CHAIN_PREFLIGHT_PARAM

        public static final java.lang.String OLD_CHAIN_PREFLIGHT_PARAM
        See Also:
        Constant Field Values
      • CHAIN_PREFLIGHT_PARAM

        public static final java.lang.String CHAIN_PREFLIGHT_PARAM
        See Also:
        Constant Field Values
    • Constructor Detail

      • CrossOriginFilter

        public CrossOriginFilter()
    • Method Detail

      • init

        public void init(javax.servlet.FilterConfig config)
                  throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException
      • doFilter

        public void doFilter(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
                      throws java.io.IOException,
                             javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        java.io.IOException
        javax.servlet.ServletException
      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter