import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * Filter for handling Cross-Origin Resource Sharing (CORS) requests.
 * Processes CORS headers and handles preflight OPTIONS requests.
 */
public class CorsFilter implements Filter {

    /**
     * Creates a new instance of CorsFilter.
     */
    public CorsFilter() {
        // Default constructor
    }

     * CORS header for allowing credentials.
     */
    protected static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";

    /**
     * CORS header for specifying cache duration for preflight requests.
     */
    protected static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";

    /**
     * Processes the CORS request by setting appropriate headers.
     *

* `max_age` - Sets a maximum time in seconds for browsers to cache CORS responses. Defaults to `600`.

The middleware responds to two particular types of HTTP request...

### CORS preflight requests { #cors-preflight-requests }

These are any `OPTIONS` request with `Origin` and `Access-Control-Request-Method` headers.

* `max_age` - Встановлює максимальний час (у секундах) для кешування CORS-відповідей у браузерах. За замовчуванням `600`.

Цей middleware обробляє два типи HTTP-запитів...

### Попередні CORS-запити (preflight requests)

Це будь-які `OPTIONS` - запити, що містять заголовки `Origin` та `Access-Control-Request-Method`.

        assertTrue(mockFilterChain.wasDoFilterCalled());
        assertTrue(handler.wasProcessCalled());
        assertEquals(0, mockResponse.getStatus());
    }

    // Test with OPTIONS request (preflight)
    public void test_doFilter_withCorsHandler_options() throws IOException, ServletException {
        String origin = "http://example.com";
        mockRequest.setHeader("Origin", origin);

- kubeadm: removed preflight check for nsenter on Linux nodes

- kubeadm: removed `socat` and `ebtables` from kubeadm preflight checks ([#127151](https://github.com/kubernetes/kubernetes/pull/127151), [@saschagrunert](https://github.com/saschagrunert)) [SIG Cluster Lifecycle]

- Kubeadm: Added support during the preflight check "CreateJob" of "kubeadm upgrade" to check if there are no nodes where a Pod can be scheduled. If there are none, show a warning and skip this preflight check. This can happen in single node clusters where the only node was drained. ([#124503](https://github.com/kubernetes/kubernetes/pull/124503), [@neolit123](https:/...

- Kubeadm: during the preflight check "CreateJob" of "kubeadm upgrade", check if there are no nodes where a Pod can schedule. If there are none, show a warning and skip this preflight check. This can happen in single node clusters where the only node was drained. ([#124570](https://github.com/kubernetes/kubernetes/pull/124570), [@neolit123](https://gi...

# Allowed origins for CORS.
api.cors.allow.origin=*
# Allowed HTTP methods for CORS.
api.cors.allow.methods=GET, POST, OPTIONS, DELETE, PUT
# Max age for CORS preflight requests.
api.cors.max.age=3600
# Allowed headers for CORS.
api.cors.allow.headers=Origin, Content-Type, Accept, Authorization, X-Requested-With
# Whether to allow credentials for CORS.
api.cors.allow.credentials=true