CORSPolicy class Null safety

Describes a CORS policy for a Controller.

A CORS policy describes allowed origins, accepted HTTP methods and headers, exposed response headers and other values used by browsers to manage XHR requests to a Conduit application.

Every Controller has a Controller.policy. By default, this value is defaultPolicy, which is quite permissive.

Modifications to policy for a specific Controller can be accomplished in the initializer of the controller.

Application-wide defaults can be managed by modifying defaultPolicy in a ApplicationChannel's constructor.

Constructors

CORSPolicy(): Create a new instance of CORSPolicy.

Properties

allowCredentials ↔ bool?: Whether or not to allow use of credentials, including Authorization and cookies.
read / write
allowedMethods ↔ List<String>: Which HTTP methods are allowed.
read / write
allowedOrigins ↔ List<String>: The list of case-sensitive allowed origins.
read / write
allowedRequestHeaders ↔ List<String>: The allowed request headers.
read / write
cacheInSeconds ↔ int?: The number of seconds to cache a pre-flight request for a requesting client.
read / write
exposedResponseHeaders ↔ List<String>: Which response headers to expose to the client.
read / write
hashCode → int: The hash code for this object.
read-onlyinherited
runtimeType → Type: A representation of the runtime type of the object.
read-onlyinherited

Methods

headersForRequest(Request request) → Map<String, dynamic>: Returns a map of HTTP headers for a request based on this policy.
isRequestOriginAllowed(HttpRequest request) → bool: Whether or not this policy allows the Origin of the request.
noSuchMethod(Invocation invocation) → dynamic: Invoked when a non-existent method or property is accessed.
inherited
preflightResponse(Request req) → Response: Returns a preflight response for a given Request.
toString() → String: A string representation of this object.
inherited
validatePreflightRequest(HttpRequest request) → bool: Validates whether or not a preflight request matches this policy.

Operators

operator ==(Object other) → bool: The equality operator.
inherited

Static Properties

defaultPolicy → CORSPolicy: The default CORS policy.
read-only

Constants

simpleRequestHeaders → const List<String>: List of 'Simple' CORS headers.
["accept", "accept-language", "content-language", "content-type"]
simpleResponseHeaders → const List<String>: List of 'Simple' CORS Response headers.
["cache-control", "content-language", "content-type", "content-type", "expires", "last-modified", "pragma"]