CorsConfiguration class - jetleaf_web library

Defines the Cross-Origin Resource Sharing (CORS) policy for an HTTP server.

Cross-Origin Resource Sharing is a mechanism that allows browsers to request resources from a server on a different origin (domain, scheme, or port) than the one that served the page. By default, web browsers enforce the Same-Origin Policy, which restricts these requests for security reasons.

This configuration class allows you to define which origins, HTTP methods, headers, and credentials are allowed, as well as how long preflight requests may be cached by browsers. It is primarily used in servers or middleware that need to respond to both simple cross-origin requests and preflight OPTIONS requests according to the CORS standard.

Example usage:

final corsConfig = CorsConfiguration(
  allowedOrigins: ['https://example.com', 'https://api.example.com'],
  allowedMethods: ['GET', 'POST', 'PUT'],
  allowedHeaders: ['Content-Type', 'Authorization'],
  exposedHeaders: ['X-My-Custom-Header'],
  allowCredentials: true,
  maxAgeSeconds: 3600,
);

See CORS specification for details.

Constructors

CorsConfiguration({List<String> allowedOrigins = const ['*'], List<String> allowedMethods = const ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'], List<String> allowedHeaders = const ['*'], List<String> exposedHeaders = const [], bool allowCredentials = false, int maxAgeSeconds = 86400})

Defines the Cross-Origin Resource Sharing (CORS) policy for an HTTP server.

const

Properties

allowCredentials → bool

Defines the Cross-Origin Resource Sharing (CORS) policy for an HTTP server.

final

allowedHeaders → List<String>

Defines the Cross-Origin Resource Sharing (CORS) policy for an HTTP server.

final

allowedMethods → List<String>

Defines the Cross-Origin Resource Sharing (CORS) policy for an HTTP server.

final