Describes a CORS policy for a RequestController.
A CORS policy describes allowed origins, accepted HTTP methods and headers, exposed response headers and other values used by browsers to manage XHR requests to an Aqueduct application.
Every RequestController has a RequestController.policy. By default, this value is defaultPolicy, which is quite permissive.
Modifications to policy for a specific RequestController can be accomplished in the initializer of the controller.
Application-wide defaults can be managed by modifying defaultPolicy in a RequestSink's constructor.
Constants
- simpleRequestHeaders → List<String>
-
List of 'Simple' CORS headers.
const ["accept", "accept-language", "content-language", "content-type"]
- simpleResponseHeaders → List<String>
-
List of 'Simple' CORS Response headers.
const ["cache-control", "content-language", "content-type", "content-type", "expires", "last-modified", "pragma"]
Static Properties
- defaultPolicy → CORSPolicy
-
The default CORS policy.
read-only
Constructors
- CORSPolicy()
-
Create a new instance of CORSPolicy.
Properties
- allowCredentials → bool
-
Whether or not to allow use of credentials, including Authorization and cookies.
read / write - allowedMethods → List<String>
-
Which HTTP methods are allowed.
read / write - allowedOrigins → List<String>
-
The list of case-sensitive allowed origins.
read / write - allowedRequestHeaders → List<String>
-
The allowed request headers.
read / write - cacheInSeconds → int
-
The number of seconds to cache a pre-flight request for a requesting client.
read / write - exposedResponseHeaders → List<String>
-
Which response headers to expose to the client.
read / write - hashCode → int
-
The hash code for this object.
read-only, inherited - runtimeType → Type
-
A representation of the runtime type of the object.
read-only, inherited
Operators
-
operator ==(
other) → bool -
The equality operator.
inherited
Methods
-
headersForRequest(
Request request) → Map<String, dynamic> -
Returns a map of HTTP headers for a request based on this policy.
-
isRequestOriginAllowed(
HttpRequest request) → bool -
Whether or not this policy allows the Origin of the
request
. -
preflightResponse(
Request req) → Response -
Returns a preflight response for a given Request.
-
validatePreflightRequest(
HttpRequest request) → bool -
Validates whether or not a preflight request matches this policy.
-
noSuchMethod(
Invocation invocation) → dynamic -
Invoked when a non-existent method or property is accessed.
inherited -
toString(
) → String -
Returns a string representation of this object.
inherited