CORSResource.java

/* 
 * The MIT License
 *
 * Copyright 2013 Tim Boudreau.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
package com.mastfrog.acteur;

import com.mastfrog.acteur.headers.HeaderValueType;
import com.mastfrog.acteur.headers.Headers;
import com.mastfrog.acteur.headers.Method;
import static com.mastfrog.acteur.headers.Method.OPTIONS;
import com.mastfrog.acteur.preconditions.Description;
import com.mastfrog.acteur.preconditions.Methods;
import static com.mastfrog.acteur.server.ServerModule.DEFAULT_CORS_ALLOW_ORIGIN;
import static com.mastfrog.acteur.server.ServerModule.DEFAULT_CORS_MAX_AGE_MINUTES;
import static com.mastfrog.acteur.server.ServerModule.SETTINGS_KEY_CORS_ALLOW_ORIGIN;
import static com.mastfrog.acteur.server.ServerModule.SETTINGS_KEY_CORS_MAX_AGE_MINUTES;
import com.mastfrog.acteur.util.CacheControl;
import com.mastfrog.acteur.util.CacheControlTypes;
import com.mastfrog.settings.Settings;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpResponseStatus;
import javax.inject.Inject;
import org.joda.time.Duration;

/**
 *
 * @author Tim Boudreau
 */
@Description("Answers CORS preflight HTTP OPTIONS requests - see the ajax spec")
@Methods(OPTIONS)
final class CORSResource extends Page {

    private static final HeaderValueType<?>[] hdrs = new HeaderValueType<?>[]{
        Headers.CONTENT_TYPE,
        Headers.stringHeader(HttpHeaders.Names.ACCEPT),
        Headers.stringHeader("X-Requested-With")
    };

    private static final Method[] methods = new Method[]{
        Method.GET,
        Method.POST,
        Method.PUT,
        Method.DELETE,
        Method.OPTIONS
    };

    @Inject
    CORSResource(ActeurFactory af) {
        add(CorsHeaders.class);
        getResponseHeaders().setContentLength(0);
    }

    private static final class CorsHeaders extends Acteur {
        @Inject
        CorsHeaders(Settings settings) {
            String allowOrigin = settings.getString(SETTINGS_KEY_CORS_ALLOW_ORIGIN, DEFAULT_CORS_ALLOW_ORIGIN);
            Duration dur = Duration.standardMinutes(
                    settings.getLong(SETTINGS_KEY_CORS_MAX_AGE_MINUTES, DEFAULT_CORS_MAX_AGE_MINUTES));
            add(Headers.ACCESS_CONTROL_ALLOW_ORIGIN, allowOrigin);
            add(Headers.ACCESS_CONTROL_ALLOW, methods);
            add(Headers.ACCESS_CONTROL_ALLOW_HEADERS, hdrs);
            add(Headers.ACCESS_CONTROL_MAX_AGE, dur);
            add(Headers.CACHE_CONTROL, CacheControl.$(CacheControlTypes.Public).add(CacheControlTypes.max_age, Duration.standardDays(365)));
            setState(new RespondWith(HttpResponseStatus.NO_CONTENT));
        }
    }
}