fix cors plugin docs

javalin · Jan 29, 2024 · 4929288 · 4929288
1 parent 41f2491
commit 4929288
Show file tree

Hide file tree

Showing 2 changed files with 104 additions and 31 deletions.
diff --git a/pages/docs/migration-guide-5-6.md b/pages/docs/migration-guide-5-6.md
@@ -474,6 +474,8 @@ Javalin.create { config ->
   conflict with Jetty's websocket dependency.
 * Now that Loom is part of the official JDKs, it is no longer opt-in, and therefor no longer enabled by default.  
   You can enable it by calling `config.useVirtualThreads = true`.
+* The bundled plugins are now available on `config.bundledPlugins`, instead of `config.plugins`.
+* The `add` method in the CORS-plugin is now called `addRule`.
 
 ## Additional changes
 It's hard to keep track of everything, but you can look at the

diff --git a/pages/plugins/cors.md b/pages/plugins/cors.md
@@ -21,15 +21,25 @@ The CORS plugin manages CORS related headers for you given some configuration su
 
 You can enable the cors plugin through the `config.plugins` part of the config:
 
-```java
+{% capture java %}
 Javalin.create(config -> {
-    config.plugins.enableCors(cors -> {
-        cors.add(it -> {
+    config.bundledPlugins.enableCors(cors -> {
+        cors.addRule(it -> {
             it.allowHost("example.com", "javalin.io");
         });
     });
 });
-```
+{% endcapture %}
+{% capture kotlin %}
+Javalin.create { config ->
+    config.bundledPlugins.enableCors { cors ->
+        cors.addRule {
+            it.allowHost("example.com", "javalin.io")
+        }
+    }
+}
+{% endcapture %}
+{% include macros/docsSnippet.html java=java kotlin=kotlin %}
 
 This example would allow the origins `https://example.com` and `https://javalin.io`.
 
@@ -42,67 +52,116 @@ Allowing everybody by using can be done with `anyHost()`.
 `anyHost()` adds the special star origin `*`, allowing any host from a CORS standpoint. Do note that you can still
 deny via other means such as an access manager, but it is recommended to just allow the hosts that you need.
 
-```java
+{% capture java %}
 Javalin.create(config -> {
-    config.plugins.enableCors(cors -> {
-        cors.add(it -> {
-            it.anyHost();
+    config.bundledPlugins.enableCors(cors -> {
+        cors.addRule(it -> {
+            it.allowHost("example.com", "javalin.io");
         });
     });
 });
-```
+{% endcapture %}
+{% capture kotlin %}
+Javalin.create { config ->
+    config.bundledPlugins.enableCors { cors ->
+        cors.addRule {
+            it.allowHost("example.com", "javalin.io")
+        }
+    }
+}
+{% endcapture %}
+{% include macros/docsSnippet.html java=java kotlin=kotlin %}
 
 Similar to `anyHost()` you can set `reflectClientOrigin = true` to reflect back the clients origin instead of the generic
 star. This has the same implications as `anyHost()`, so it should be considered carefully.
 
-```java
+{% capture java %}
 Javalin.create(config -> {
-    config.plugins.enableCors(cors -> {
-        cors.add(it -> {
+    config.bundledPlugins.enableCors(cors -> {
+        cors.addRule(it -> {
             it.reflectClientOrigin = true;
         });
     });
 });
-```
+{% endcapture %}
+{% capture kotlin %}
+Javalin.create { config ->
+    config.bundledPlugins.enableCors { cors ->
+        cors.addRule {
+            it.reflectClientOrigin = true
+        }
+    }
+}
+{% endcapture %}
+{% include macros/docsSnippet.html java=java kotlin=kotlin %}
 
 ## Subdomain wildcard support
 
 Special support for subdomains is added by allowing a single star as a wildcard.
 `allowHost("*.example.com")` would allow any subdomain of `example.com` to access your resources from a CORS standpoint.
 
-```java
+{% capture java %}
 Javalin.create(config -> {
-    config.plugins.enableCors(cors -> {
-        cors.add(it -> {
+    config.bundledPlugins.enableCors(cors -> {
+        cors.addRule(it -> {
             it.allowHost("*.example.com");
         });
     });
 });
-```
+{% endcapture %}
+{% capture kotlin %}
+Javalin.create { config ->
+    config.bundledPlugins.enableCors { cors ->
+        cors.addRule {
+            it.allowHost("*.example.com")
+        }
+    }
+}
+{% endcapture %}
+{% include macros/docsSnippet.html java=java kotlin=kotlin %}
 
 ## Multiple CORS configurations
 
 It is also possible to have different cors configurations for different paths.
 Take a look at the following example:
 
-```java
+{% capture java %}
 Javalin.create(config -> {
-    config.plugins.enableCors(cors -> {
-        cors.add(it -> {
-            it.path = "images*"
+    config.bundledPlugins.enableCors(cors -> {
+        cors.addRule(it -> {
+            it.path = "images*";
             it.allowHost("https://images.local");
         });
-        cors.add(it -> {
-            it.path = "videos*"
+        cors.addRule(it -> {
+            it.path = "videos*";
             it.allowHost("https://videos.local");
         });
-        cors.add(it -> {
-            it.path = "music*"
+        cors.addRule(it -> {
+            it.path = "music*";
             it.allowHost("https://music.local");
         });
     });
 });
-```
+{% endcapture %}
+{% capture kotlin %}
+Javalin.create { config ->
+    config.bundledPlugins.enableCors { cors ->
+        cors.addRule {
+            it.path = "images*"
+            it.allowHost("https://images.local")
+        }
+        cors.addRule {
+            it.path = "videos*"
+            it.allowHost("https://videos.local")
+        }
+        cors.addRule {
+            it.path = "music*"
+            it.allowHost("https://music.local")
+        }
+    }
+}
+{% endcapture %}
+{% include macros/docsSnippet.html java=java kotlin=kotlin %}
 
 Everything listed under `images` would be only accessible by the host `images.local` and everything under `videos`
 only to the host `videos.local`.
@@ -112,17 +171,29 @@ only to the host `videos.local`.
 For those who need it you can also set the `Access-Control-Allow-Credentials` header by setting `allowCredentials = true`
 and expose headers to the website's JavaScript by using e.g. `exposeHeader("x-server")` to expose the `x-server` header.
 
-```java
+{% capture java %}
 Javalin.create(config -> {
-    config.plugins.enableCors(cors -> {
-        cors.add(it -> {
+    config.bundledPlugins.enableCors(cors -> {
+        cors.addRule(it -> {
             it.allowHost("*.example.com");
             it.allowCredentials = true;
             it.exposeHeader("x-server");
         });
     });
 });
-```
+{% endcapture %}
+{% capture kotlin %}
+Javalin.create { config ->
+    config.bundledPlugins.enableCors { cors ->
+        cors.addRule {
+            it.allowHost("*.example.com")
+            it.allowCredentials = true
+            it.exposeHeader("x-server")
+        }
+    }
+}
+{% endcapture %}
+{% include macros/docsSnippet.html java=java kotlin=kotlin %}
 
 Do note that you cannot use Javalin's `anyHost()` option together with `Access-Control-Allow-Credentials` as that is 
 [explicitly forbidden by all browsers.](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#sect2)
@@ -160,4 +231,4 @@ axios.post("https://example.com", data, {
 });
 ```
 
-Source: [axios request config page](https://axios-http.com/docs/req_config)
+Source: [axios request config page](https://axios-http.com/docs/req_config)