How to allow CrossOrigin from all domains?
Is there any way to make this endpoint allow requests from anywhere?
I've tried things like the following, but none of them worked.

```java
@CrossOrigin(origins = "")
@CrossOrigin(origins = "http://")
@CrossOrigin(origins = "http://localhost:3001")
@GetMapping(path="/transactions")
public @ResponseBody List<RealEstateTransaction> getTransactions() {
    return realEstateTransactionService.findTargets();
}
```

Solution 1:[1]
While working with cross domains, most of the time we tend to worry about what went wrong and where. There are many factors, including security, web components, sockets, etc., to be handled on the server side before a request is processed. There are many ways to implement CORS in a Spring Boot application.
1. Annotation
By implementing `@CrossOrigin`, like what you did, in the `Main` class. This can also be done by adding `@CrossOrigin` to specific controllers/methods, if a particular API should be accessed only from a specific domain.

```java
@CrossOrigin("*") // to allow from all domains
@CrossOrigin("http://localhost:3001") // to allow from specific domain
@CrossOrigin(origins = "http://localhost:3001")
```

2. WebConfig
If the Spring application is MVC, where the resources can be accessed, simply add the CORS mappings by overriding `WebMvcConfigurer`'s `addCorsMappings` function.
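
```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Applies to every path: any origin, any request header
        registry.addMapping("/**").allowedOrigins("*").allowedHeaders("*");
    }
}
```
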
3. SecurityConfig
When security is enabled in the application, CORS must be implemented in the `SecurityConfig`. Registering the CORS filter can be done in many ways. One is adding `UrlBasedCorsConfigurationSource` to the `http.cors()` function. Another is to create a `CustomCorsFilter` by extending the `CorsFilter`.
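
```java
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

public class CustomCorsFilter extends CorsFilter {
    public CustomCorsFilter() {
        super(configurationSource());
    }

    public static UrlBasedCorsConfigurationSource configurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        // Note: Spring Framework 5.3+ rejects allowCredentials=true combined with the
        // "*" origin (IllegalArgumentException); older versions echo the request's
        // Origin header back instead of sending "*".
        configuration.setAllowCredentials(true);
        configuration.addAllowedOrigin("*");
        configuration.addAllowedHeader("*");
        configuration.setMaxAge(3600L); // cache preflight responses for one hour
        UrlBasedCorsConfigurationSource corsConfigurationSource = new UrlBasedCorsConfigurationSource();
        corsConfigurationSource.registerCorsConfiguration("/**", configuration);
        return corsConfigurationSource;
    }
}
```

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Not declared in the original snippet; assumed to be injected by the application
    @Autowired
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        String[] paths = {"/auth/**", "/env"};
        //http.cors().configurationSource(CustomCorsFilter.configurationSource()); // Option 1
        http
            .csrf().disable()
            .exceptionHandling()
            .authenticationEntryPoint(this.authenticationEntryPoint)
            .and()
            .authorizeRequests()
            .antMatchers(paths)
            .permitAll()
            .and()
            .authorizeRequests()
            .antMatchers("/**")
            .authenticated()
            .and()
            .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class); // Option 2
    }
}
```
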
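
Added example, not part of the original answer: a `CorsConfigurationSource` that keeps the wildcard origin for the question's `/transactions` endpoint but without credentials, and uses an exact origin allowlist wherever credentials are allowed. Treating `/transactions` as public read-only data, the class name `CorsPolicyConfig`, and the method and header lists are assumptions.

```java
import java.util.Arrays;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class CorsPolicyConfig {

    // Public policy: any origin may read, but never with cookies or HTTP auth.
    static CorsConfiguration openPolicy() {
        CorsConfiguration c = new CorsConfiguration();
        c.addAllowedOrigin("*");
        c.setAllowedMethods(Arrays.asList("GET", "HEAD"));
        c.setAllowCredentials(false);
        c.setMaxAge(3600L);
        return c;
    }

    // Credentialed policy: cookies/auth allowed, so origins are an exact allowlist.
    static CorsConfiguration credentialedPolicy() {
        CorsConfiguration c = new CorsConfiguration();
        c.setAllowedOrigins(Arrays.asList("http://localhost:3001")); // assumed front end
        c.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
        c.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));
        c.setAllowCredentials(true);
        c.setMaxAge(3600L);
        return c;
    }

    // Picked up by http.cors() in Spring Security under this bean name.
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // Patterns are tried in registration order, so the specific path goes first.
        source.registerCorsConfiguration("/transactions", openPolicy());
        source.registerCorsConfiguration("/**", credentialedPolicy());
        return source;
    }

    // checkOrigin returns the Access-Control-Allow-Origin value, or null if rejected.
    public static void main(String[] args) {
        System.out.println(openPolicy().checkOrigin("https://other.example"));
        System.out.println(credentialedPolicy().checkOrigin("http://localhost:3001"));
        System.out.println(credentialedPolicy().checkOrigin("https://other.example"));
    }
}
```
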
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Emiliano Ruiz |