// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.jdisc.http.filter.security.cors; import com.google.inject.Inject; import com.yahoo.jdisc.Response; import com.yahoo.jdisc.handler.ContentChannel; import com.yahoo.jdisc.handler.ResponseHandler; import com.yahoo.jdisc.http.HttpResponse; import com.yahoo.jdisc.http.filter.DiscFilterRequest; import com.yahoo.jdisc.http.filter.SecurityRequestFilter; import com.yahoo.yolean.chain.Provides; import java.util.HashSet; import java.util.Set; import static com.yahoo.jdisc.http.HttpRequest.Method.OPTIONS; /** *
* This filter makes sure we respond as quickly as possible to CORS pre-flight requests * which browsers transmit before the Hosted Vespa dashboard code is allowed to send a "real" request. *
** An "Access-Control-Max-Age" header is added so that the browser will cache the result of this pre-flight request, * further improving the responsiveness of the Hosted Vespa dashboard application. *
** Runs after all standard security request filters, but before BouncerFilter, as the browser does not send * credentials with pre-flight requests. *
* * @author andreer * @author gv * @author bjorncs */ @Provides("CorsPreflightRequestFilter") public class CorsPreflightRequestFilter implements SecurityRequestFilter { private final Set