pekko/akka-docs/rst/java/http/routing-dsl/directives/header-directives/checkSameOrigin.rst

.. _-checkSameOrigin-java-:

checkSameOrigin
===============

Description
-----------
Checks that request comes from the same origin. Extracts the ``Origin`` header value and verifies that allowed range
contains the obtained value. In the case of absent of the ``Origin`` header rejects with a ``MissingHeaderRejection``.
If the origin value is not in the allowed range rejects with an ``InvalidOriginHeaderRejection``
and ``StatusCodes.FORBIDDEN`` status.

Example
-------
Checking the ``Origin`` header:

.. includecode:: ../../../../code/docs/http/javadsl/server/directives/HeaderDirectivesExamplesTest.java#checkSameOrigin
+htp #20535 add checkSameOrigin directive to HeaderDirectives (#20560) * #20535 add checkSameOrigin directive to WebSocketDirectives * refactoring + add docs * refactoring + cleanup in docs * fix types and conversions in the InvalidOriginHeaderRejection * simplify InvalidOriginHeaderRejection to InvalidOriginRejection 2016-06-02 13:58:20 +04:00			`.. _-checkSameOrigin-java-:`

			`checkSameOrigin`
			`===============`

			`Description`
			`-----------`
			Checks that request comes from the same origin. Extracts the ``Origin`` header value and verifies that allowed range
			contains the obtained value. In the case of absent of the ``Origin`` header rejects with a ``MissingHeaderRejection``.
			If the origin value is not in the allowed range rejects with an ``InvalidOriginHeaderRejection``
			and ``StatusCodes.FORBIDDEN`` status.

			`Example`
			`-------`
			Checking the ``Origin`` header:

			`.. includecode:: ../../../../code/docs/http/javadsl/server/directives/HeaderDirectivesExamplesTest.java#checkSameOrigin`