Skip to content

guide cors spring

devonfw-core edited this page Nov 21, 2022 · 5 revisions

CORS configuration in Spring

Warning
Hey there! Seems like you are still using the documentation of our legacy Java repository. Since it won’t be maintained anymore, we recommend you to checkout the new Java page here.

Dependency

Warning
Hey there! Seems like you are still using the documentation of our legacy Java repository. Since it won’t be maintained anymore, we recommend you to checkout the new Java page here.

To enable the CORS support from the server side for your devon4j-Spring application, add the below dependency:

<dependency>
  <groupId>com.devonfw.java.starters</groupId>
  <artifactId>devon4j-starter-security-cors</artifactId>
</dependency>

Configuration

Warning
Hey there! Seems like you are still using the documentation of our legacy Java repository. Since it won’t be maintained anymore, we recommend you to checkout the new Java page here.

Add the below properties in your application.properties file:

#CORS support
security.cors.spring.allowCredentials=true
security.cors.spring.allowedOriginPatterns=*
security.cors.spring.allowedHeaders=*
security.cors.spring.allowedMethods=OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
security.cors.pathPattern=/**
Attribute Description HTTP Header

allowCredentials

Decides the browser should include any cookies associated with the request (true if cookies should be included).

Access-Control-Allow-Credentials

allowedOrigins

List of allowed origins (use * to allow all orgins).

Access-Control-Allow-Origin

allowedMethods

List of allowed HTTP request methods (OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH, etc.).

-

allowedHeaders

List of allowed headers that can be used during the request (use * to allow all headers requested by the client)

Access-Control-Allow-Headers

pathPattern

Ant-style pattern for the URL paths where to apply CORS. Use "/**" to match all URL paths.

Clone this wiki locally