public class CorsConfiguration {

/**

* Wildcard representing <em>all</em> origins, methods, or headers.

*/

public static final String ALL = "*";

private static final List<HttpMethod> DEFAULT_METHODS;

static {

List<HttpMethod> rawMethods = new ArrayList<HttpMethod>(2);

rawMethods.add(HttpMethod.GET);

rawMethods.add(HttpMethod.HEAD);

DEFAULT_METHODS = Collections.unmodifiableList(rawMethods);

}

private List<String> allowedOrigins;

private List<String> allowedMethods;

private List<HttpMethod> resolvedMethods = DEFAULT_METHODS;

private List<String> allowedHeaders;

private List<String> exposedHeaders;

private Boolean allowCredentials;

private Long maxAge;

/**

* Construct a new {@code CorsConfiguration} instance with no cross-origin

* requests allowed for any origin by default.

* @see #applyPermitDefaultValues()

*/

public CorsConfiguration() {

}

/**

* Construct a new {@code CorsConfiguration} instance by copying all

* values from the supplied {@code CorsConfiguration}.

*/

public CorsConfiguration(CorsConfiguration other) {

this.allowedOrigins = other.allowedOrigins;

this.allowedMethods = other.allowedMethods;

this.resolvedMethods = other.resolvedMethods;

this.allowedHeaders = other.allowedHeaders;

this.exposedHeaders = other.exposedHeaders;

this.allowCredentials = other.allowCredentials;

this.maxAge = other.maxAge;

}

/**

Set<String> combined = new LinkedHashSet<String>(source);

return new ArrayList<String>(combined);

* Set the origins to allow, e.g. {@code "http://domain1.com"}.

* <p>The special value {@code "*"} allows all domains.

* <p>By default this is not set.

*/

public void setAllowedOrigins(List<String> allowedOrigins) {

this.allowedOrigins = (allowedOrigins != null ? new ArrayList<String>(allowedOrigins) : null);

}