CORS Filter : Request Tagging

The CORS Filter can be configured to tag HTTP requests with CORS-related information that may be consumed by downstream handlers (other filters or the target servlet).

To enable tagging set the cors.tagRequests configuration property to true:

cors.tagRequests = true

The filtered requests are tagged using the ServletRequest.setAttribute() method.

Downstream filters or target resources can retrieve the tags using ServletRequest.getAttribute().

public class MyServlet extends HttpServlet {


	public void doGet(HttpServletRequest request, HttpServletResponse response)
		throws IOException, ServletException {
	
		PrintWriter out = response.getWriter();
		
		boolean cors = (Boolean)request.getAttribute("cors.isCorsRequest");
		
		if (cors)
			out.println("The request is cross-site");
		else
			out.println("Regular request");
	}
}

These tags may be used to implement logging of cross-domain requests or to direct HTTP resources to perform specific action for CORS requests.

Supported tags

All tags are prefixed by "cors.".

cors.isCorsRequest {Boolean} Indicates if the HTTP request is CORS.
cors.origin {String} The value of the "Origin" header, null if undefined.
cors.requestType {String} If the request is CORS, indicates its type: "actual" for actual/simple or "preflight".
cors.requestHeaders {String} if the request is CORS preflight, the value of the "Access-Control-Request-Headers" header, null if undefined.