Describes a CORS policy for a RequestController.

A CORS policy describes allowed origins, accepted HTTP methods and headers, exposed response headers and other values used by browsers to manage XHR requests to an Aqueduct application.

Every RequestController has a RequestController.policy. By default, this value is defaultPolicy, which is quite permissive.

Modifications to policy for a specific RequestController can be accomplished in the initializer of the controller.

Application-wide defaults can be managed by modifying defaultPolicy in a RequestSink's constructor.

Constants

simpleRequestHeaders → List<String>

List of 'Simple' CORS headers.

const ["accept", "accept-language", "content-language", "content-type"]
simpleResponseHeaders → List<String>

List of 'Simple' CORS Response headers.

const ["cache-control", "content-language", "content-type", "content-type", "expires", "last-modified", "pragma"]

Static Properties

defaultPolicy CORSPolicy

The default CORS policy.

read-only

Constructors

CORSPolicy()

Create a new instance of CORSPolicy.

Properties

allowCredentials → bool

Whether or not to allow use of credentials, including Authorization and cookies.

read / write
allowedMethods → List<String>

Which HTTP methods are allowed.

read / write
allowedOrigins → List<String>

The list of case-sensitive allowed origins.

read / write
allowedRequestHeaders → List<String>

The allowed request headers.

read / write
cacheInSeconds → int

The number of seconds to cache a pre-flight request for a requesting client.

read / write
exposedResponseHeaders → List<String>

Which response headers to expose to the client.

read / write
hashCode → int

The hash code for this object.

read-only, inherited
runtimeType → Type

A representation of the runtime type of the object.

read-only, inherited

Operators

operator ==(other) → bool

The equality operator.

inherited

Methods

headersForRequest(Request request) → Map<String, dynamic>

Returns a map of HTTP headers for a request based on this policy.

isRequestOriginAllowed(HttpRequest request) → bool

Whether or not this policy allows the Origin of the request.

preflightResponse(Request req) Response

Returns a preflight response for a given Request.

validatePreflightRequest(HttpRequest request) → bool

Validates whether or not a preflight request matches this policy.

noSuchMethod(Invocation invocation) → dynamic

Invoked when a non-existent method or property is accessed.

inherited
toString() → String

Returns a string representation of this object.

inherited