org.spincast.core.filters

Interface ISpincastFilters<R extends IRequestContext<?>>

All Known Implementing Classes:

SpincastFilters

public interface ISpincastFilters<R extends IRequestContext<?>>

Some filters provided by Spincast.

Method Summary

Modifier and Type	Method and Description
void	addDefaultGlobalTemplateVariables(R context) Adds some default variables so they are available by default to the templating engine (in a request scope).
void	addSecurityHeaders(R context) Adds some recommended security headers.
void	cache(R context)
void	cache(R context, int seconds)
void	cache(R context, int seconds, boolean isPrivate)
void	cache(R context, int seconds, boolean isPrivate, Integer cdnSeconds)
void	cors(R context) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies, Set<HttpMethod> allowedMethods) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies, Set<HttpMethod> allowedMethods, int maxAgeInSeconds) Cross-Origin Resource Sharing (Cors) handling.
boolean	saveGeneratedResource(R context, String pathForGeneratedResource) Used by Spincast to save a "dynamic resource" once it is generated.

Method Detail

saveGeneratedResource

boolean saveGeneratedResource(R context,
                              String pathForGeneratedResource)

Used by Spincast to save a "dynamic resource" once it is generated.

Returns:

true if the resource was succesfully saved on disk.

addSecurityHeaders

void addSecurityHeaders(R context)

Adds some recommended security headers.

See Also:

https://www.owasp.org/index.php/List_of_useful_HTTP_headers

cors

void cors(R context)

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all origins, allows cookies, allows all HTTP methods, all headers will be allowed to be sent by the browser, but no extra headers will be available to be read by the browser.

By default, only those headers are available to be read :

• Cache-Control
• Content-Language
• Content-Type
• Expires
• Last-Modified
• Pragma

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

If you want to allow everything AND to add extra headers to be read, use :

cors(context, Sets.newHashSet("*"), Sets.newHashSet("extra-header-to-read1", "extra-header-to-read2"));

cors

void cors(R context,
          Set<String> allowedOrigins)

Cross-Origin Resource Sharing (Cors) handling.

This overload allows allows cookies, allows all HTTP methods for the specified origins, all headers will be allowed to be sent by the browser, but no extra headers will be available to be read by the browser.

By default, only those headers are available to be read :

• Cache-Control
• Content-Language
• Content-Type
• Expires
• Last-Modified
• Pragma

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

If you want to allow everything for those origins AND to add extra headers to be read, use : cors(context, allowedOrigins, Sets.newHashSet("extra-header-to-read1", "extra-header-to-read2"));

Parameters:

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

cors

void cors(R context,
          Set<String> allowedOrigins,
          Set<String> extraHeadersAllowedToBeRead)

Cross-Origin Resource Sharing (Cors) handling.

This overload allows cookies, allows all HTTP methods and all headers will be allowed to be sent by the browser, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Parameters:

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

cors

void cors(R context,
          Set<String> allowedOrigins,
          Set<String> extraHeadersAllowedToBeRead,
          Set<String> extraHeadersAllowedToBeSent)

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all cookies and all HTTP methods, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Parameters:

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are exposed : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request.

allowCookies - Should cookies be allowed?

cors

void cors(R context,
          Set<String> allowedOrigins,
          Set<String> extraHeadersAllowedToBeRead,
          Set<String> extraHeadersAllowedToBeSent,
          boolean allowCookies)

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all HTTP methods, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Parameters:

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are exposed : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request.

allowCookies - Should cookies be allowed?

cors

void cors(R context,
          Set<String> allowedOrigins,
          Set<String> extraHeadersAllowedToBeRead,
          Set<String> extraHeadersAllowedToBeSent,
          boolean allowCookies,
          Set<HttpMethod> allowedMethods)

Cross-Origin Resource Sharing (Cors) handling.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Parameters:

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins are allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request. If one of the headers is "*", then all headers are allowed to be sent!

allowCookies - Should cookies be allowed?

allowedMethods - The HTTP method allowed. "OPTIONS" will be addded if not specified, as it should always be allowed.

cors

void cors(R context,
          Set<String> allowedOrigins,
          Set<String> extraHeadersAllowedToBeRead,
          Set<String> extraHeadersAllowedToBeSent,
          boolean allowCookies,
          Set<HttpMethod> allowedMethods,
          int maxAgeInSeconds)

Cross-Origin Resource Sharing (Cors) handling.

Parameters:

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins are allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request. If one of the headers is "*", then all headers are allowed to be sent!

allowCookies - Should cookies be allowed?

allowedMethods - The HTTP method allowed. "OPTIONS" will be addded if not specified, as it should always be allowed.

maxAgeInSeconds - The maximum number of seconds a preflight response can be cached without querying again. If <= 0, the "Access-Control-Max-Age" header won't be sent.

cache

void cache(R context)

cache

void cache(R context,
           int seconds)

cache

void cache(R context,
           int seconds,
           boolean isPrivate)

cache

void cache(R context,
           int seconds,
           boolean isPrivate,
           Integer cdnSeconds)

addDefaultGlobalTemplateVariables

void addDefaultGlobalTemplateVariables(R context)

Adds some default variables so they are available by default to the templating engine (in a request scope).