CORSPolicy class

Describes a CORS policy for a RequestController.

A CORS policy describes allowed origins, accepted HTTP methods and headers, exposed response headers and other values used by browsers to manage XHR requests to an Aqueduct application.

Every RequestController has a RequestController.policy. By default, this value is defaultPolicy, which is quite permissive.

Modifications to policy for a specific RequestController can be accomplished in the initializer of the controller.

Application-wide defaults can be managed by modifying defaultPolicy in a RequestSink's constructor.

Constructors

CORSPolicy()
Create a new instance of CORSPolicy. [...]

Properties

allowCredentials bool
Whether or not to allow use of credentials, including Authorization and cookies. [...]
read / write
allowedMethods List<String>
Which HTTP methods are allowed. [...]
read / write
allowedOrigins List<String>
The list of case-sensitive allowed origins. [...]
read / write
allowedRequestHeaders List<String>
The allowed request headers. [...]
read / write
cacheInSeconds int
The number of seconds to cache a pre-flight request for a requesting client.
read / write
exposedResponseHeaders List<String>
Which response headers to expose to the client. [...]
read / write
hashCode int
The hash code for this object. [...]
read-only, inherited
runtimeType Type
A representation of the runtime type of the object.
read-only, inherited

Methods

headersForRequest(Request request) Map<String, dynamic>
Returns a map of HTTP headers for a request based on this policy. [...]
isRequestOriginAllowed(HttpRequest request) bool
Whether or not this policy allows the Origin of the request. [...]
preflightResponse(Request req) Response
Returns a preflight response for a given Request. [...]
validatePreflightRequest(HttpRequest request) bool
Validates whether or not a preflight request matches this policy. [...]
noSuchMethod(Invocation invocation) → dynamic
Invoked when a non-existent method or property is accessed. [...]
inherited
toString() String
Returns a string representation of this object.
inherited

Operators

operator ==(dynamic other) bool
The equality operator. [...]
inherited

Static Properties

defaultPolicy CORSPolicy
The default CORS policy. [...]
read-only

Constants

simpleRequestHeaders → const List<String>
List of 'Simple' CORS headers. [...]
const ["accept", "accept-language", "content-language", "content-type"]
simpleResponseHeaders → const List<String>
List of 'Simple' CORS Response headers. [...]
const ["cache-control", "content-language", "content-type", "content-type", "expires", "last-modified", "pragma"]