CORS Filter : Request Tagging

Apart from its main task of providing correct handling of browser cross-domain requests according to the CORS protocol, the CORS Filter also tags filtered HTTP requests with CORS-related information that may be used by downstream handlers (other filters or the target resource).

The filtered requests are tagged using the ServletRequest.setAttribute() method.

Downstream filters or target resources can retrieve the tags using ServletRequest.getAttribute().

public class MyServlet extends HttpServlet {


	public void doGet(HttpServletRequest request, HttpServletResponse response)
		throws IOException, ServletException {
	
		PrintWriter out = response.getWriter();
		
		boolean cors = (Boolean)request.getAttribute("cors.isCorsRequest");
		
		if (cors)
			out.println("The request is cross-site");
		else
			out.println("Regular request");
	}
}

These tags may be used to implement logging of cross-domain requests or to direct HTTP resources to perform specific action for CORS requests.

Supported tags

All tags are prefixed by "cors.".

cors.isCorsRequest {Boolean} Indicates if the HTTP request is CORS.
cors.origin {String} The value of the "Origin" header, null if undefined.
cors.requestType {String} If the request is CORS, indicates its type: "actual" for actual/simple or "preflight".
cors.requestHeaders {String} if the request is CORS preflight, the value of the "Access-Control-Request-Headers" header, null if undefined.