## More info { #more-info }

For more info about <abbr title="Cross-Origin Resource Sharing">CORS</abbr>, check the <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS" class="external-link" target="_blank">Mozilla CORS documentation</a>.

/// note | Technical Details

You could also use `from starlette.middleware.cors import CORSMiddleware`.

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.cors;

import java.util.HashMap;
import java.util.Map;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/**
 * Factory for managing CORS handlers based on origin.
 * Maintains a registry of CORS handlers for different origins and provides lookup functionality.
 */
public class CorsHandlerFactory {

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.cors;

import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;

/**
 * Abstract base class for handling CORS (Cross-Origin Resource Sharing) requests.
 * Provides common CORS header constants and defines the processing interface.
 */
public abstract class CorsHandler {

    /**

import java.io.IOException;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.cors.CorsHandler;
import org.codelibs.fess.cors.CorsHandlerFactory;
import org.codelibs.fess.util.ComponentUtil;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;

 * and applies standard CORS headers based on the application configuration.
 */
public class DefaultCorsHandler extends CorsHandler {

    /**
     * Creates a new instance of DefaultCorsHandler.
     * This constructor initializes the default CORS handler for applying
     * standard CORS headers based on application configuration.
     */
    public DefaultCorsHandler() {
        super();

have custom headers that you want a client in a browser to be able to see, you need to add them to your CORS configurations (read more in [CORS (Cross-Origin Resource Sharing)](../tutorial/cors.md){.internal-link target=_blank}), using the parameter `expose_headers` documented in <a href="https://www.starlette.io/middleware/#corsmiddleware" class="external-link" target="_blank">Starlette's CORS docs</a>....

In the main tutorial you read how to add [Custom Middleware](../tutorial/middleware.md){.internal-link target=_blank} to your application.

And then you also read how to handle [CORS with the `CORSMiddleware`](../tutorial/cors.md){.internal-link target=_blank}.

In this section we'll see how to use other middlewares.

## Adding ASGI middlewares { #adding-asgi-middlewares }

But if you have custom headers that you want a client in a browser to be able to see, you need to add them to your CORS configurations ([CORS (Cross-Origin Resource Sharing)](cors.md){.internal-link target=_blank}) using the parameter `expose_headers` documented in <a href="https://www.starlette.io/middleware/#corsmiddleware" class="external-link" target="_blank">Starlette's CORS docs</a>.

///

/// note | Technical Details

- BucketACL (Use [bucket policies](https://docs.min.io/community/minio-object-store/administration/identity-access-management/policy-based-access-control.html) instead)
- BucketCORS (CORS enabled by default on all buckets for all HTTP verbs, you can optionally restrict the CORS domains)
- BucketWebsite (Use [`caddy`](https://github.com/caddyserver/caddy) or [`nginx`](https://www.nginx.com/resources/wiki/))

        // create ES nodes
        final String clusterName = UUID.randomUUID().toString();
        runner.onBuild((number, settingsBuilder) -> {
            settingsBuilder.put("http.cors.enabled", true);
            settingsBuilder.put("http.cors.allow-origin", "*");
            settingsBuilder.put("discovery.type", "single-node");
        }).build(newConfigs().clusterName(clusterName).numOfNode(1));

        // wait for yellow status