Cors-play

Easy CORS support for Play

View the Project on GitHub knutwalker/cors-play

CORS Play

Build Status Coverage Status

Easy CORS integration for Play:

Installation

Stable Version

Add this to your play build/sbt

libraryDependencies ++= Seq(
  "de.knutwalker" %% "cors-play" % "0.1.0"
)

Snapshot Version

resolvers += "Sonatype snapshots" at "http://oss.sonatype.org/content/repositories/snapshots/"

libraryDependencies ++= Seq(
  "de.knutwalker" %% "cors-play" % "0.1.1-SNAPSHOT"
)

Usage

You have to mixin the CorsSupport trait into your Global object

import de.knutwalker.play.cors.{ CorsStrategy, CorsSupport }
import play.api.GlobalSettings

object Global extends GlobalSettings with CorsSupport {

  override val corsStrategy = CorsStrategy.Everyone
}

You can choose different a CorsStrategy to customize the behavior

CorsStrategy Behaviour
Everyone Allow every request, event malformed (not CORS) ones
Origin Allow requests with the Origin header set. For valid CORS requests, this is the same as Everyone.
NoOne Do not allow any requests
Localhost Only allow requests from localhost
Localhost([ports]) Only allow requests from localhost that originate from a given list of ports
Fixed([origins]) Provide a fixed set of allowed origins. This results in white-listing behaviour on the browser-side (as the origins are sent as is)
WhiteList([origins]) Provide a white list of origins, that are allow to make a CORS request. The list is resolved on server-side, only the white-listed origin is sent in the header.
BlackList([origins]) Provide a black list of origins, that are not allowed to make CORS requests. The list is resolved on server-side, only the not-black-listed origin is sent in the header.
Satisfies(handler) Define a custom check, that return true for allowed requests, and false otherwise. (Sent origin will be *)
Satisfies(handler).allowing(origin) Define a custom check, that return true for allowed requests, and false otherwise. (Sent origin will be origin)
Satisfies(handler).withOrigin Define a custom check, that return true for allowed requests, and false otherwise. (Sent origin will be the value from the Origin header)
CustomPF(handler) Define a custom check as a partial function, that will match and return an origin for allowed requests, and won't match otherwise
Custom(handler) Define a custom check, that will return Some(origin) for allowed requests, and None otherwise.

License

This software is released under the MIT Licence

http://knutwalker.mit-license.org/

Fork me on GitHub