Package io.quarkus.vertx.http.runtime.cors

Interface CORSConfig

All Known Implementing Classes:

CORS.Builder.CORSImpl

public interface CORSConfig

Method Summary

Modifier and Type	Method	Description
Optional<Boolean>	accessControlAllowCredentials()	The `Access-Control-Allow-Credentials` response header.
Optional<Duration>	accessControlMaxAge()	The `Access-Control-Max-Age` response header value in Duration format.
boolean	enabled()	Enable the CORS filter.
Optional<List<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String>>	exposedHeaders()	The HTTP headers exposed in CORS responses.
Optional<List<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String>>	headers()	The HTTP headers allowed for CORS requests.
Optional<List<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String>>	methods()	The HTTP methods allowed for CORS requests.
Optional<List<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String>>	origins()	The origins allowed for CORS.

Method Details

enabled

@WithDefault("false")
boolean enabled()

Enable the CORS filter.

origins

Optional<List<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String>> origins()

The origins allowed for CORS.

A comma-separated list of valid URLs, such as `http://www.quarkus.io,http://localhost:3000`. URLs enclosed in forward slashes are interpreted as regular expressions.

methods

Optional<List<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String>> methods()

The HTTP methods allowed for CORS requests.

A comma-separated list of valid HTTP methods, such as `GET,PUT,POST`. If not set, the filter allows any HTTP method by default.

This property is not used to control same-origin HTTP request methods.

Default: Any HTTP request method is allowed.

headers

Optional<List<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String>> headers()

The HTTP headers allowed for CORS requests.

A comma-separated list of valid headers, such as `X-Custom,Content-Disposition`. If not set, the filter allows any header by default.

Default: Any HTTP request header is allowed.

exposedHeaders

Optional<List<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String>> exposedHeaders()

The HTTP headers exposed in CORS responses.

A comma-separated list of headers to expose, such as `X-Custom,Content-Disposition`.

Default: No headers are exposed.

accessControlMaxAge

Optional<Duration> accessControlMaxAge()

The `Access-Control-Max-Age` response header value in Duration format.

Informs the browser how long it can cache the results of a preflight request.

accessControlAllowCredentials

Optional<Boolean> accessControlAllowCredentials()

The `Access-Control-Allow-Credentials` response header.

Tells browsers if front-end JavaScript can be allowed to access credentials when the request's credentials mode, `Request.credentials`, is set to `include`.

Default: `true` if the `quarkus.http.cors.origins` property is set and matches the precise `Origin` header value.