import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * Filter for handling Cross-Origin Resource Sharing (CORS) requests.
 * Processes CORS headers and handles preflight OPTIONS requests.
 */
public class CorsFilter implements Filter {

    /**
     * Creates a new instance of CorsFilter.
     */
    public CorsFilter() {
        // Default constructor
    }

El middleware responde a dos tipos particulares de request HTTP...

### Requests de preflight CORS { #cors-preflight-requests }

Estos son cualquier request `OPTIONS` con headers `Origin` y `Access-Control-Request-Method`.

O middleware responde a dois tipos específicos de solicitação HTTP...

### Requisições CORS pré-voo (preflight) { #cors-preflight-requests }

Estas são quaisquer solicitações `OPTIONS` com cabeçalhos `Origin` e `Access-Control-Request-Method`.

`CORSMiddleware` отвечает на два типа HTTP-запросов...

### CORS-запросы с предварительной проверкой { #cors-preflight-requests }

Это любые `OPTIONS`-запросы с заголовками `Origin` и `Access-Control-Request-Method`.

  
  To allow cgroups v1 with `kubeadm` and `kubelet` version `v1.35` or newer, you must:
  - Ignore the error from the SystemVerification preflight check by `kubeadm`.

- kubeadm: removed `socat` and `ebtables` from kubeadm preflight checks ([#127151](https://github.com/kubernetes/kubernetes/pull/127151), [@saschagrunert](https://github.com/saschagrunert)) [SIG Cluster Lifecycle]

# Allowed origins for CORS.
api.cors.allow.origin=*
# Allowed HTTP methods for CORS.
api.cors.allow.methods=GET, POST, OPTIONS, DELETE, PUT
# Max age for CORS preflight requests.
api.cors.max.age=3600
# Allowed headers for CORS.
api.cors.allow.headers=Origin, Content-Type, Accept, Authorization, X-Requested-With
# Whether to allow credentials for CORS.
api.cors.allow.credentials=true

     * comment: Max age for CORS preflight requests.
     * @return The value of found property. (NotNull: if not found, exception but basically no way)
     */
    String getApiCorsMaxAge();

    /**
     * Get the value for the key 'api.cors.max.age' as {@link Integer}. <br>
     * The value is, e.g. 3600 <br>
     * comment: Max age for CORS preflight requests.

### Other (Cleanup or Flake)

- Kubeadm: removed `socat` and `ebtables` from kubeadm preflight checks ([#127416](https://github.com/kubernetes/kubernetes/pull/127416), [@saschagrunert](https://github.com/saschagrunert)) [SIG Cluster Lifecycle]

## Dependencies

### Added
_Nothing has changed._

with a content type of `text/plain` containing JSON data would be accepted and the JSON data would be extracted.

But requests with content type `text/plain` are exempt from [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) preflights, for being considered [Simple requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests). So, the browser would execute them right away including cookies, and the text content could be a JSON string that would be parsed and...