Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Akka HTTP 1.0 CORS Support
import akka.http.scaladsl.model.HttpHeader
import akka.http.scaladsl.model.HttpMethods._
import akka.http.scaladsl.model.HttpResponse
import akka.http.scaladsl.model.headers.`Access-Control-Allow-Credentials`
import akka.http.scaladsl.model.headers.`Access-Control-Allow-Methods`
import akka.http.scaladsl.model.headers.`Access-Control-Allow-Origin`
import akka.http.scaladsl.model.headers.Origin
import akka.http.scaladsl.server.Directive0
import akka.http.scaladsl.server.Directives._
import akka.http.scaladsl.server.MethodRejection
import akka.http.scaladsl.server.RejectionHandler
trait CorsSupport {
protected def corsAllowOrigins: List[String]
protected def corsAllowedHeaders: List[String]
protected def corsAllowCredentials: Boolean
protected def optionsCorsHeaders: List[HttpHeader]
protected def corsRejectionHandler(allowOrigin: `Access-Control-Allow-Origin`) = RejectionHandler
.newBuilder().handle {
case MethodRejection(supported) =>
complete(HttpResponse().withHeaders(
`Access-Control-Allow-Methods`(OPTIONS, supported) ::
allowOrigin ::
optionsCorsHeaders
))
}
.result()
private def originToAllowOrigin(origin: Origin): Option[`Access-Control-Allow-Origin`] =
if (corsAllowOrigins.contains("*") || corsAllowOrigins.contains(origin.value))
origin.origins.headOption.map(`Access-Control-Allow-Origin`.apply)
else
None
def cors[T]: Directive0 = mapInnerRoute { route => context =>
((context.request.method, context.request.header[Origin].flatMap(originToAllowOrigin)) match {
case (OPTIONS, Some(allowOrigin)) =>
handleRejections(corsRejectionHandler(allowOrigin)) {
respondWithHeaders(allowOrigin, `Access-Control-Allow-Credentials`(corsAllowCredentials)) {
route
}
}
case (_, Some(allowOrigin)) =>
respondWithHeaders(allowOrigin, `Access-Control-Allow-Credentials`(corsAllowCredentials)) {
route
}
case (_, _) =>
route
})(context)
}
}
...
object Main extends App with CorsSupport {
override val corsAllowOrigins: List[String] = List("*")
override val corsAllowedHeaders: List[String] = List("Origin", "X-Requested-With", "Content-Type", "Accept", "Accept-Encoding", "Accept-Language", "Host", "Referer", "User-Agent")
override val corsAllowCredentials: Boolean = true
override val optionsCorsHeaders: List[HttpHeader] = List[HttpHeader](
`Access-Control-Allow-Headers`(corsAllowedHeaders.mkString(", ")),
`Access-Control-Max-Age`(60 * 60 * 24 * 20), // cache pre-flight response for 20 days
`Access-Control-Allow-Credentials`(corsAllowCredentials)
)
val routes = cors {
complete("CORS YES!")
}
...
}
@afigueroa14

This comment has been minimized.

Copy link

@afigueroa14 afigueroa14 commented Mar 25, 2016

How I can setup in the CORs the content-type, in order to restrict to specified format. ?

Ex. I would like that the payload only accept : 'Content-Type', 'application/json'

Regards,
Angel Figueroa

@bahtiyarerden

This comment has been minimized.

Copy link

@bahtiyarerden bahtiyarerden commented Aug 25, 2016

Hello,

it is not working in this situation:
`
final case class RequestContent(obj: String)

// collect your json format instances into a support trait:
trait JsonSupport extends SprayJsonSupport with DefaultJsonProtocol {
implicit val requestFormat = jsonFormat1(RequestContent) // contains List[Item]
}

class MyRoute extends Directives with CorsSupport with JsonSupport {
override val corsAllowOrigins: List[String] = List("http://localhost:8080")

override val corsAllowedHeaders: List[String] = List("Access-Control-Allow-Origin", "Access-Control-Allow-Headers", "Origin", "X-Requested-With", "Content-Type", "Accept", "Accept-Encoding", "Accept-Language", "Host", "Referer", "User-Agent", "Authorization")

override val corsAllowCredentials: Boolean = true
override val optionsCorsHeaders: List[HttpHeader] = List[HttpHeader](
Access-Control-Allow-Methods(OPTIONS, POST),
Access-Control-Allow-Headers(corsAllowedHeaders.mkString(", ")),
Access-Control-Max-Age(60 * 60 * 24 * 20), // cache pre-flight response for 20 days
Access-Control-Allow-Credentials(corsAllowCredentials)
)

def defineRoute() = {
val route = cors {
path("crawler") {
post {
// decompress gzipped or deflated requests if required
entity(as[RequestContent]) { content =>
print("req")
complete("handled")
}
}
}
}
route
}

}
`
But if i put the complete statement outside of the entity statement and remove the entity statement it works well. Could you help me fix this problem please. Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.