/** * Constructor which creates an interceptor with default CORS configuration for use in * a FHIR server. This includes: * <ul> * <li>Allowed Origin: *</li> * <li>Allowed Header: Accept</li> * <li>Allowed Header: Access-Control-Request-Headers</li> * <li>Allowed Header: Access-Control-Request-Method</li> * <li>Allowed Header: Cache-Control</li> * <li>Exposed Header: Content-Location</li> * <li>Allowed Header: Content-Type</li> * <li>Exposed Header: Location</li> * <li>Allowed Header: Origin</li> * <li>Allowed Header: Prefer</li> * <li>Allowed Header: X-Requested-With</li> * </ul> * Note that this configuration is useful for quickly getting CORS working, but * in a real production system you probably want to consider whether it is * appropriate for your situation. In particular, using "Allowed Origin: *" * isn't always the right thing to do. */ public CorsInterceptor() { this(createDefaultCorsConfig()); }
/** * Constructor which creates an interceptor with default CORS configuration for use in * a FHIR server. This includes: * <ul> * <li>Allowed Origin: *</li> * <li>Allowed Header: Accept</li> * <li>Allowed Header: Access-Control-Request-Headers</li> * <li>Allowed Header: Access-Control-Request-Method</li> * <li>Allowed Header: Cache-Control</li> * <li>Exposed Header: Content-Location</li> * <li>Allowed Header: Content-Type</li> * <li>Exposed Header: Location</li> * <li>Allowed Header: Origin</li> * <li>Allowed Header: Prefer</li> * <li>Allowed Header: X-Requested-With</li> * </ul> * Note that this configuration is useful for quickly getting CORS working, but * in a real production system you probably want to consider whether it is * appropriate for your situation. In particular, using "Allowed Origin: *" * isn't always the right thing to do. */ public CorsInterceptor() { this(createDefaultCorsConfig()); }