CORSPolicy class

Describes a CORS policy for a Controller.

A CORS policy describes allowed origins, accepted HTTP methods and headers, exposed response headers and other values used by browsers to manage XHR requests to an Liquidart application.

Every Controller has a Controller.policy. By default, this value is defaultPolicy, which is quite permissive.

Modifications to policy for a specific Controller can be accomplished in the initializer of the controller.

Application-wide defaults can be managed by modifying defaultPolicy in a ApplicationChannel's constructor.


Create a new instance of CORSPolicy.


allowCredentials bool?
Whether or not to allow use of credentials, including Authorization and cookies.
getter/setter pair
allowedMethods List<String>
Which HTTP methods are allowed.
getter/setter pair
allowedOrigins List<String>
The list of case-sensitive allowed origins.
getter/setter pair
allowedRequestHeaders List<String>
The allowed request headers.
getter/setter pair
cacheInSeconds int?
The number of seconds to cache a pre-flight request for a requesting client.
getter/setter pair
exposedResponseHeaders List<String>
Which response headers to expose to the client.
getter/setter pair
hashCode int
The hash code for this object.
no setterinherited
runtimeType Type
A representation of the runtime type of the object.
no setterinherited


headersForRequest(Request request) Map<String, dynamic>
Returns a map of HTTP headers for a request based on this policy.
isRequestOriginAllowed(HttpRequest request) bool
Whether or not this policy allows the Origin of the request.
noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
preflightResponse(Request req) Response
Returns a preflight response for a given Request.
toString() String
A string representation of this object.
validatePreflightRequest(HttpRequest request) bool
Validates whether or not a preflight request matches this policy.


operator ==(Object other) bool
The equality operator.

Static Properties

defaultPolicy CORSPolicy
The default CORS policy.
no setter


simpleRequestHeaders → const List<String>
List of 'Simple' CORS headers.
simpleResponseHeaders → const List<String>
List of 'Simple' CORS Response headers.