{"id":36705498,"url":"https://github.com/santoszv/cors-filter","last_synced_at":"2026-01-12T11:42:17.645Z","repository":{"id":57736846,"uuid":"173597081","full_name":"santoszv/cors-filter","owner":"santoszv","description":"Cross-Origin Resource Sharing (CORS) Web Filter","archived":false,"fork":false,"pushed_at":"2019-09-05T04:05:08.000Z","size":89,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2023-07-05T04:15:06.218Z","etag":null,"topics":["cors","kotlin","web"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/santoszv.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-03-03T16:04:53.000Z","updated_at":"2019-09-05T04:05:09.000Z","dependencies_parsed_at":"2022-08-24T02:51:04.339Z","dependency_job_id":null,"html_url":"https://github.com/santoszv/cors-filter","commit_stats":null,"previous_names":[],"tags_count":5,"template":null,"template_full_name":null,"purl":"pkg:github/santoszv/cors-filter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoszv%2Fcors-filter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoszv%2Fcors-filter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoszv%2Fcors-filter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoszv%2Fcors-filter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/santoszv","download_url":"https://codeload.github.com/santoszv/cors-filter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoszv%2Fcors-filter/sbom","scorecard":{"id":800122,"data":{"date":"2025-08-11","repo":{"name":"github.com/santoszv/cors-filter","commit":"18c72fcfc903f2bd53bb59b249f019027ad6977f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Code-Review","score":0,"reason":"Found 0/23 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-23T10:12:38.082Z","repository_id":57736846,"created_at":"2025-08-23T10:12:38.082Z","updated_at":"2025-08-23T10:12:38.082Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28338972,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T10:58:46.209Z","status":"ssl_error","status_checked_at":"2026-01-12T10:58:42.742Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cors","kotlin","web"],"created_at":"2026-01-12T11:42:17.576Z","updated_at":"2026-01-12T11:42:17.635Z","avatar_url":"https://github.com/santoszv.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cross-Origin Resource Sharing (CORS) Web Filter\r\n\r\nUser agents commonly apply same-origin restrictions to network requests. These\r\nrestrictions prevent a client-side Web application running from one origin from\r\nobtaining data retrieved from another origin, and also limit unsafe HTTP\r\nrequests that can be automatically launched toward destinations that differ\r\nfrom the running application's origin.\r\n\r\nIn user agents that follow this pattern, network requests typically include\r\nuser credentials with cross-origin requests, including HTTP authentication and\r\ncookie information.\r\n\r\nThis specification extends this model in several ways:\r\n\r\n- A response can include an Access-Control-Allow-Origin header, with the origin\r\n  of where the request originated from as the value, to allow access to the\r\n  resource's contents.\r\n\r\n  The user agent validates that the value and origin of where the request\r\n  originated match.\r\n\r\n- User agents can discover via a preflight request whether a cross-origin\r\n  resource is prepared to accept requests, using a non-simple method, from a\r\n  given origin.\r\n\r\n  This is again validated by the user agent.\r\n\r\n- Server-side applications are enabled to discover that an HTTP request was\r\n  deemed a cross-origin request by the user agent, through the Origin header.\r\n\r\n  This extension enables server-side applications to enforce limitations (e.g.\r\n  returning nothing) on the cross-origin requests that they are willing to\r\n  service.\r\n\r\n## Usage in Gradle (Kotlin)\r\n\r\n1. Add Maven Central repository\r\n\r\n    ```\r\n    repositories {\r\n        mavenCentral()\r\n    }\r\n    ```\r\n\r\n2. Add dependencies\r\n\r\n    ```\r\n    dependencies {\r\n        implementation(\"mx.com.inftel.oss:cors-filter:1.2.0\")\r\n    }\r\n    ```\r\n\r\n3. Create a CORS policies file in classpath\r\n\r\n    Full CORS policies file:\r\n\r\n    ```\r\n    \u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\r\n    \u003ccors-policies\u003e\r\n        \u003corigins\u003e\r\n            \u003corigin\u003ehttp://frontend.domain.com\u003c/origin\u003e\r\n            \u003corigin\u003ehttps://frontend.domain.com\u003c/origin\u003e\r\n            \u003corigin\u003ehttp://frontend.domain.com:8080\u003c/origin\u003e\r\n            \u003corigin\u003ehttps://frontend.domain.com:8443\u003c/origin\u003e\r\n        \u003c/origins\u003e\r\n        \u003cmethods\u003e\r\n            \u003cmethod\u003eHEAD\u003c/method\u003e\r\n            \u003cmethod\u003eGET\u003c/method\u003e\r\n            \u003cmethod\u003ePOST\u003c/method\u003e\r\n            \u003cmethod\u003ePUT\u003c/method\u003e\r\n            \u003cmethod\u003eDELETE\u003c/method\u003e\r\n        \u003c/methods\u003e\r\n        \u003cheaders\u003e\r\n            \u003cheader\u003eAuthorization\u003c/header\u003e\r\n            \u003cheader\u003eContent-Type\u003c/header\u003e\r\n            \u003cheader\u003eX-Anti-CSRF\u003c/header\u003e\r\n            \u003cheader\u003eX-Requested-With\u003c/header\u003e\r\n        \u003c/headers\u003e\r\n        \u003cexposed-headers\u003e\r\n            \u003cheader\u003eContent-Length\u003c/header\u003e\r\n            \u003cheader\u003eWWW-Authenticate\u003c/header\u003e\r\n            \u003cheader\u003eServer-Authenticate\u003c/header\u003e\r\n            \u003cheader\u003eX-Anti-CSRF\u003c/header\u003e\r\n        \u003c/exposed-headers\u003e\r\n        \u003csupports-credentials\u003efalse\u003c/supports-credentials\u003e\r\n        \u003caccess-control-max-age\u003e-1\u003c/access-control-max-age\u003e\r\n        \u003cpreflight-continue-chain\u003efalse\u003c/preflight-continue-chain\u003e\r\n        \u003cpreflight-prefer-no-content\u003efalse\u003c/preflight-prefer-no-content\u003e\r\n    \u003c/cors-policies\u003e\r\n    ```\r\n\r\n    Recommended minimal CORS policies file:\r\n\r\n    ```\r\n    \u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\r\n    \u003ccors-policies\u003e\r\n        \u003cheaders\u003e\r\n            \u003cheader\u003eAuthorization\u003c/header\u003e\r\n            \u003cheader\u003eContent-Type\u003c/header\u003e\r\n        \u003c/headers\u003e\r\n        \u003cexposed-headers\u003e\r\n            \u003cheader\u003eContent-Length\u003c/header\u003e\r\n            \u003cheader\u003eWWW-Authenticate\u003c/header\u003e\r\n            \u003cheader\u003eServer-Authenticate\u003c/header\u003e\r\n        \u003c/exposed-headers\u003e\r\n    \u003c/cors-policies\u003e\r\n    ```\r\n\r\n4. Add filter to web.xml\r\n\r\n    Example of filter using CORS policies file named cors-policies.xml at root\r\n    package:\r\n\r\n    ```\r\n    \u003cfilter\u003e\r\n        \u003cfilter-name\u003eCORS\u003c/filter-name\u003e\r\n        \u003cfilter-class\u003emx.com.inftel.cors.CORSServletFilter\u003c/filter-class\u003e\r\n        \u003cinit-param\u003e\r\n            \u003cparam-name\u003ecors-policies\u003c/param-name\u003e\r\n            \u003cparam-value\u003ecors-policies.xml\u003c/param-value\u003e\r\n        \u003c/init-param\u003e\r\n    \u003c/filter\u003e\r\n    ```\r\n\r\n5. Map filter to desired locations\r\n\r\n    ```\r\n    \u003cfilter-mapping\u003e\r\n        \u003cfilter-name\u003eCORS\u003c/filter-name\u003e\r\n        \u003curl-pattern\u003e/api/*\u003c/url-pattern\u003e\r\n        \u003cdispatcher\u003eREQUEST\u003c/dispatcher\u003e\r\n    \u003c/filter-mapping\u003e\r\n    ```\r\n\r\n## License\r\n\r\nCopyright 2019 Santos Zatarain Vera \u003ccoder.santoszv(at)gmail.com\u003e\r\n\r\nLicensed under the Apache License, Version 2.0 (the \"License\");\r\nyou may not use this file except in compliance with the License.\r\nYou may obtain a copy of the License at\r\n\r\n    http://www.apache.org/licenses/LICENSE-2.0\r\n\r\nUnless required by applicable law or agreed to in writing, software\r\ndistributed under the License is distributed on an \"AS IS\" BASIS,\r\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\nSee the License for the specific language governing permissions and\r\nlimitations under the License.\r\n\r\n## Notice\r\n\r\nCopyright 2019 Santos Zatarain Vera (coder.santoszv_at_gmail.com). This\r\nproduct includes coded software by Santos Zatarain Vera and licensed under the\r\nApache License, Version 2.0 (https://github.com/santoszv/cors-filter).\r\n\r\nCopyright (C) 2015 W3C (R) (MIT, ERCIM, Keio, Beihang). This software or\r\ndocument includes material copied from or derived from Cross-Origin\r\nResource Sharing W3C Recommendation (https://www.w3.org/TR/cors/).\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsantoszv%2Fcors-filter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsantoszv%2Fcors-filter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsantoszv%2Fcors-filter/lists"}