|
| 1 | +package com.myspace; |
| 2 | + |
| 3 | +import java.io.IOException; |
| 4 | +import javax.servlet.Filter; |
| 5 | +import javax.servlet.FilterChain; |
| 6 | +import javax.servlet.FilterConfig; |
| 7 | +import javax.servlet.ServletException; |
| 8 | +import javax.servlet.ServletRequest; |
| 9 | +import javax.servlet.ServletResponse; |
| 10 | +import javax.servlet.annotation.WebFilter; |
| 11 | +import javax.servlet.http.HttpServletRequest; |
| 12 | +import javax.servlet.http.HttpServletResponse; |
| 13 | + |
| 14 | +@WebFilter(filterName = "CorsFilter", urlPatterns = "/*", asyncSupported = true) |
| 15 | +public class CorsFilter implements Filter { |
| 16 | + |
| 17 | + private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin"; |
| 18 | + |
| 19 | + private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials"; |
| 20 | + |
| 21 | + private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; |
| 22 | + |
| 23 | + private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; |
| 24 | + |
| 25 | + private static final String ORIGIN = "Origin"; |
| 26 | + |
| 27 | + private static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method"; |
| 28 | + |
| 29 | + private static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; |
| 30 | + |
| 31 | + private static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers"; |
| 32 | + |
| 33 | + @Override |
| 34 | + public void init(FilterConfig filterConfig) { |
| 35 | + } |
| 36 | + |
| 37 | + @Override |
| 38 | + public void doFilter(ServletRequest servletRequest, |
| 39 | + ServletResponse servletResponse, |
| 40 | + FilterChain chain) throws IOException, ServletException { |
| 41 | + HttpServletRequest request = (HttpServletRequest) servletRequest; |
| 42 | + HttpServletResponse response = (HttpServletResponse) servletResponse; |
| 43 | + String origin = request.getHeader(ORIGIN); |
| 44 | + if (origin == null) { |
| 45 | + chain.doFilter(servletRequest, |
| 46 | + servletResponse); |
| 47 | + } else { |
| 48 | + String requestMethods = request.getHeader(ACCESS_CONTROL_REQUEST_METHOD); |
| 49 | + if (requestMethods != null) { |
| 50 | + response.setHeader(ACCESS_CONTROL_ALLOW_METHODS, |
| 51 | + requestMethods); |
| 52 | + } |
| 53 | + String allowHeaders = request.getHeader(ACCESS_CONTROL_REQUEST_HEADERS); |
| 54 | + if (allowHeaders != null) { |
| 55 | + response.setHeader(ACCESS_CONTROL_ALLOW_HEADERS, |
| 56 | + allowHeaders); |
| 57 | + } |
| 58 | + response.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN, |
| 59 | + origin); |
| 60 | + response.setHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, |
| 61 | + "true"); |
| 62 | + response.setHeader(ACCESS_CONTROL_EXPOSE_HEADERS, |
| 63 | + "Content-Disposition"); |
| 64 | + if (!"OPTIONS".equalsIgnoreCase(request.getMethod())) { |
| 65 | + chain.doFilter(servletRequest, |
| 66 | + servletResponse); |
| 67 | + } else { |
| 68 | + response.flushBuffer(); |
| 69 | + } |
| 70 | + } |
| 71 | + } |
| 72 | + |
| 73 | + @Override |
| 74 | + public void destroy() { |
| 75 | + |
| 76 | + } |
| 77 | +} |
0 commit comments