public boolean checkCorsPreflight(Request request, Response response) { log.finer("checkCorsPreflight " + request.getRequestURI()); if (!request.getMethod().equalsIgnoreCase("OPTIONS")) { log.finer("checkCorsPreflight: not options "); return false; } if (request.getHeader("Origin") == null) { log.finer("checkCorsPreflight: no origin header"); return false; } log.finer("Preflight request returning"); response.setStatus(HttpServletResponse.SC_OK); String origin = request.getHeader("Origin"); response.setHeader("Access-Control-Allow-Origin", origin); response.setHeader("Access-Control-Allow-Credentials", "true"); String requestMethods = request.getHeader("Access-Control-Request-Method"); if (requestMethods != null) { if (deployment.getCorsAllowedMethods() != null) { requestMethods = deployment.getCorsAllowedMethods(); } response.setHeader("Access-Control-Allow-Methods", requestMethods); } String allowHeaders = request.getHeader("Access-Control-Request-Headers"); if (allowHeaders != null) { if (deployment.getCorsAllowedHeaders() != null) { allowHeaders = deployment.getCorsAllowedHeaders(); } response.setHeader("Access-Control-Allow-Headers", allowHeaders); } if (deployment.getCorsMaxAge() > -1) { response.setHeader("Access-Control-Max-Age", Integer.toString(deployment.getCorsMaxAge())); } return true; }
@Override public String getCorsAllowedHeaders() { return delegate.getCorsAllowedHeaders(); }