Module org.omnifaces
Package org.omnifaces.renderer

Class CorsAwareResourceRenderer

java.lang.Object
jakarta.faces.render.Renderer
jakarta.faces.render.RendererWrapper
org.omnifaces.renderer.CorsAwareResourceRenderer
All Implemented Interfaces:
ComponentSystemEventListener, FacesListener, FacesWrapper<Renderer>, EventListener
public class CorsAwareResourceRenderer extends RendererWrapper implements ComponentSystemEventListener

The CorsAwareResourceRenderer is intended as an extension to the standard script and stylesheet resource renderer in order to add the crossorigin and integrity attributes as a pass-through attribute. By default, the crossorigin attribute will always be set to anonymous and the integrity attribute is only set when the ResourceHandler.createResource(String) returns an instance of CDNResource. It will then be set with a base64 encoded sha384 hash.

This includes declarative resources created by <h:outputScript> and <h:outputStylesheet>, annotated resources created by ResourceDependency, combined resources created by CombinedResourceHandler, deferred scripts created by DeferredScript and critical stylesheets created by CriticalStylesheet. Basically any resource which will be served by ResourceHandler.createResource(String).

Installation

You do not need to explicitly register this renderer in your faces-config.xml. It's already automatically registered.

Configuration

Currently only the following context parameter is available: "org.omnifaces.DEFAULT_CROSSORIGIN". This sets the desired value of crossorigin attribute of combined script resources. Supported values are specified in MDN. An empty string is also allowed, it will then completely skip the task of the current renderer. The default value when the context parameter is not set is anonymous (i.e. no cookies are transferred at all).

Usage

Eveything is automatic. In case you wish to override the default/configured outcome of one of the attributes on a specific resource component, then simply explicitly set it as a passthrough attribute yourself. For example, 

 <... xmlns:h="jakarta.faces.html" xmlns:a="jakarta.faces.passthrough">
 <h:outputScript name="..." a:crossorigin="use-credentials" />
Since:
5.0
Author:
Bauke Scholtz
See Also:

  • Field Details

    • DEFAULT_CROSSORIGIN

      public static final String DEFAULT_CROSSORIGIN
      The default value of the 'crossorigin' attribute.
      See Also:

    • PARAM_NAME_CROSSORIGIN

      public static final String PARAM_NAME_CROSSORIGIN
      The context parameter name to specify the value of the 'crossorigin' attribute for all resources. The value defaults to "anonymous".
      See Also:

  • Constructor Details

    • CorsAwareResourceRenderer

      public CorsAwareResourceRenderer()
      Do not use this constructor. It's merely there for ComponentSystemEventListener.

    • CorsAwareResourceRenderer

      public CorsAwareResourceRenderer(Renderer<?> wrapped)
      Creates a new instance of this CORS resource renderer which wraps the given resource renderer.
      Parameters:
      wrapped - The resource renderer to be wrapped.

  • Method Details

    • processEvent

      public void processEvent(ComponentSystemEvent event) throws AbortProcessingException
      If the wrapped script/stylesheet resource renderer is an instance of ComponentSystemEventListener then delegate the component system event to it. Generally these will further relocate the component resource depending on their target attribute.
      Specified by:
      processEvent in interface ComponentSystemEventListener
      Throws:
      AbortProcessingException

    • encodeBegin

      public void encodeBegin(FacesContext context, UIComponent component) throws IOException
      When the associated resource has a non-null name and no explicitly set passthrough attributes for crossorigin nor integrity, then set these as new passthrough attributes so that the default script/stylesheet resource renderer will write them.
      Overrides:
      encodeBegin in class RendererWrapper
      Throws:
      IOException

    • getCrossorigin

      public static String getCrossorigin(FacesContext context)
      Returns the configured crossorigin. Defaults to "anonymous".
      Parameters:
      context - The involved faces context.
      Returns:
      The configured crossorigin.

    • isNeedsIntegrity

      public static boolean isNeedsIntegrity(FacesContext context)
      Returns whether the integrity is needed. Defaults to true.
      Parameters:
      context - The involved faces context.
      Returns:
      Whether the integrity is needed.

    • getIntegrityIfNecessary

      public static String getIntegrityIfNecessary(FacesContext context, Resource resource)
      Returns the integrity of the given resource if necessary. It will only return a base64 encoded sha384 hash when the given resource is an instance of CDNResource and the getCrossorigin(FacesContext) equals to "anonymous".
      Parameters:
      context - The involved faces context.
      resource - The resource to get integrity for.
      Returns:
      The integrity of the given resource if necessary.