Package org.keycloak.services.cors

Interface Cors

All Superinterfaces:
Provider
All Known Implementing Classes:
DefaultCors
public interface Cors extends Provider
Author:
Stian Thorgersen

  • Field Details

  • Method Details

    • builder

      static Cors builder()

    • builder

      Cors builder(jakarta.ws.rs.core.Response.ResponseBuilder builder)

    • preflight

      Cors preflight()

    • auth

      Cors auth()

    • allowAllOrigins

      Cors allowAllOrigins()

    • checkAllowedOrigins

      Cors checkAllowedOrigins(KeycloakSession session, ClientModel client)
      Sets the allowed origins from the client's configured web origins and checks the incoming Origin header against them. Throws ForbiddenException (HTTP 403) on a mismatch so the request stops before any side effects. Preflight and same-origin requests pass through without a check.

    • checkAllowedOrigins

      Cors checkAllowedOrigins(AccessToken token)

    • checkAllowedOrigins

      Cors checkAllowedOrigins(List<String> allowedOrigins)

    • allowedMethods

      Cors allowedMethods(String... allowedMethods)

    • exposedHeaders

      Cors exposedHeaders(String... exposedHeaders)

    • add

      void add()
      Add the CORS headers to the current HttpResponse.

    • add

      default jakarta.ws.rs.core.Response add(jakarta.ws.rs.core.Response.ResponseBuilder builder)

      Add the CORS headers to the current server HttpResponse and returns a Response based on the given builder.

      This is a convenient method to make it easier to return a Response from methods while at the same time adding the corresponding CORS headers to the underlying server response.

      Parameters:
      builder - the response builder
      Returns:
      the response built from the response builder