/*
* Copyright (C) 2020 The Baremaps Authors
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package com.baremaps.server.common;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
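/**
 * JAX-RS filter that answers CORS preflight requests and adds CORS headers to cross-origin
 * responses.
 *
 * <p>Security note: the {@code Origin} request header is client-controlled. This filter echoes it
 * back in {@code Access-Control-Allow-Origin} and also sends {@code
 * Access-Control-Allow-Credentials: true}. With the default {@link #isOriginAllowed(String)},
 * which accepts every origin, any web page can make credentialed cross-origin requests and read
 * the responses. Deployments that authenticate with cookies or HTTP authentication should
 * override {@link #isOriginAllowed(String)} with an explicit allowlist of trusted origins.
 */
@Provider
public class CorsFilter implements ContainerRequestFilter, ContainerResponseFilter {

  private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
  private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
  private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
  private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
  private static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
  private static final String ORIGIN = "Origin";
  private static final String VARY = "Vary";

  // Header values shared by the preflight answer and the regular response so they cannot drift.
  private static final String ALLOWED_METHODS = "GET, POST, PUT, DELETE, OPTIONS, HEAD";
  private static final String ALLOWED_HEADERS = "origin, content-type, accept, authorization";
  private static final String EXPOSED_HEADERS = "Location";

  // Request property that marks a request whose origin was rejected.
  private static final String CORS_FAILURE = "cors.failure";

  /**
   * Decides whether CORS headers may be issued for the given origin.
   *
   * <p>The default accepts every origin, which keeps the filter's historical behaviour. Because
   * the filter also allows credentials, subclasses should restrict this to trusted origins.
   *
   * @param origin the value of the {@code Origin} request header, never {@code null}
   * @return {@code true} if the origin may receive CORS headers
   */
  protected boolean isOriginAllowed(String origin) {
    return true;
  }

  /**
   * Handles the request side: answers {@code OPTIONS} requests that carry an {@code Origin}
   * header with a preflight response, and flags requests from rejected origins.
   *
   * @param requestContext the incoming request
   */
  @Override
  public void filter(ContainerRequestContext requestContext) {
    String origin = requestContext.getHeaderString(ORIGIN);
    if (origin == null) {
      // No Origin header: nothing to do for CORS.
      return;
    }
    if (!isOriginAllowed(origin)) {
      // Remember the rejection so the response filter emits no CORS headers; without them the
      // browser refuses to expose the response to the calling page.
      requestContext.setProperty(CORS_FAILURE, Boolean.TRUE);
      return;
    }
    if (requestContext.getMethod().equalsIgnoreCase("OPTIONS")) {
      preflight(origin, requestContext);
    }
  }

  /**
   * Handles the response side: adds the CORS headers to responses of non-{@code OPTIONS} requests
   * that carry an allowed {@code Origin} header.
   *
   * @param requestContext the request being answered
   * @param responseContext the response to decorate
   */
  @Override
  public void filter(
      ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
    String origin = requestContext.getHeaderString(ORIGIN);
    if (origin == null
        || requestContext.getMethod().equalsIgnoreCase("OPTIONS")
        || requestContext.getProperty(CORS_FAILURE) != null
        // Re-check here in case the request filter did not run for this request.
        || !isOriginAllowed(origin)) {
      return;
    }
    javax.ws.rs.core.MultivaluedMap<String, Object> headers = responseContext.getHeaders();
    headers.putSingle(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
    headers.putSingle(ACCESS_CONTROL_ALLOW_METHODS, ALLOWED_METHODS);
    headers.putSingle(ACCESS_CONTROL_ALLOW_HEADERS, ALLOWED_HEADERS);
    headers.putSingle(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
    headers.putSingle(ACCESS_CONTROL_EXPOSE_HEADERS, EXPOSED_HEADERS);
    // Append instead of replace: a resource may already have set its own Vary value, and
    // overwriting it would let caches serve one variant for requests that should differ.
    headers.add(VARY, ORIGIN);
  }

  /**
   * Aborts the request with an empty 204 response that carries only the CORS headers.
   *
   * @param origin the value of the {@code Origin} request header, echoed back to the client
   * @param requestContext the preflight request to abort
   */
  protected void preflight(String origin, ContainerRequestContext requestContext) {
    // Respond with a 204 no content since we are returning an empty response with just the
    // headers for preflight.
    Response.ResponseBuilder builder = Response.noContent();
    builder.header(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
    // The response depends on the Origin header, so caches must key on it.
    builder.header(VARY, ORIGIN);
    builder.header(ACCESS_CONTROL_ALLOW_METHODS, ALLOWED_METHODS);
    builder.header(ACCESS_CONTROL_ALLOW_HEADERS, ALLOWED_HEADERS);
    builder.header(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
    builder.header(ACCESS_CONTROL_EXPOSE_HEADERS, EXPOSED_HEADERS);
    requestContext.abortWith(builder.build());
  }
}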