Reputation: 995
Enabling CORS globally in Spring Boot
I tried to enable CORS globally like this:
@Configuration
@ComponentScan("com.example")
@EnableWebMvc
public class OriginFilter extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedMethods("GET", "POST", "PUT", "DELETE");
}
}
I also tried this approach:
@Configuration
public class OriginFilter implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD")
.allowCredentials(true);
}
}
But none of these worked for me.
An annotation @CrossOrigin for an individual class works, but I wanted to enable CORS it globally.
Upvotes: 26
Views: 44270
Answers (9)
Reputation: 720
I will add some comments to this answer https://stackoverflow.com/a/51721298/9209083, which was helpful.
Configuration :
config.setAllowedCredentials(true)
config.setAllowedOrigins(List.of("*"));
will throw an exception (at least for spring 6):
When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
Source code: CorsConfiguration.java:516 (spring-web-6.0.11.jar:6.0.11)
Upvotes: 0
Reputation: 2800
I fixed this issue by adding the following config class :
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
}
This method enables CORS requests from any origin to any endpoint in the application.
Upvotes: 0
Reputation: 585
I have had issues with this problem as well and have attempted to use some of solutions listed on this page, I had little success. I am using spring boot version 2.1.2.RELEASE.
This solved it for me,
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
blah
blah
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("http://localhost:4200");
config.addAllowedHeader("*");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
Where blah blah is the rest of my code.
I have no idea why this method worked for me and the others did not, it allowed my typescript application making connections from localhost:4200 to connect to my spring boot application running on localhost:8080
Upvotes: 1
Reputation: 582
Hi I have gone through this issue(Global Configuration wasn't working) recently! and I found something useful.
We should NOT add backslash at the end like this http://localhost:4200/
Basically it should be http://localhost:4200 (not backslash at end)
Upvotes: 1
Reputation: 584
here is the solution for your approach. this is working fine as expected. it may be too late. but it will be useful for someone.
there are two ways to enable globally.
1.One is through creating bean. 2.other one is thorugh annotaion
1st Method:
@Configuration
public class CorsConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedMethods("GET", "POST", "PUT", "DELETE")
.allowedOrigins("*")
.allowedHeaders("*");
}
};
}
}
2nd method:
by adding @CrossOrigin annotation on the top of the controller class.
but First Two methods is not working for PUT Request for me. For Put Method, you can use the following approach.
The following approach will work for all the type of requests.
@Configuration
public class CorsConfig {
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("GET");
config.addAllowedMethod("POST");
config.addAllowedMethod("PUT");
config.addAllowedMethod("DELETE");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
}
Upvotes: 3
Reputation: 44685
You could indeed define your own Filter as you mentioned in your answer. Spring already has such a CorsFilter already though, so you don't have to create one yourself. Just register it as a bean and it should work:
@Bean
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
final CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
// Don't do this in production, use a proper list of allowed origins
config.setAllowedOrigins(Collections.singletonList("*"));
config.setAllowedHeaders(Arrays.asList("Origin", "Content-Type", "Accept"));
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "OPTIONS", "DELETE", "PATCH"));
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
Upvotes: 61
Reputation: 181
You can also do the following to enable CORS globally in Spring Boot application. However please note that WebMvcConfigurerAdapter is deprecated.
@SuppressWarnings("deprecation")
@SpringBootApplication(exclude = org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class)
public class SpringbootMongodbDemoApplication {
public static void main(String[] args) {
SpringApplication.run(SpringbootMongodbDemoApplication.class, args);
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*");
}
};
}
Also in the Controller add the following-
@PostMapping("/addfeedback")
@CrossOrigin(origins = "*")
public FeedbackForResolution addFeedback(@RequestBody FeedbackForResolution feedback) {
.
.
.
}
Upvotes: 3
Reputation: 315
The working global CORS configuration using WebMvcConfigurer for me without using filter.
@Configuration
public class GlobalCorsConfiguration {
public GlobalCorsConfiguration() {
super();
}
/**
* Bean to define global CORS.
*
* @return
*/
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH");
}
};
}
}
Thanks.
Upvotes: 3
Reputation: 995
I solved this problem by adding filterClass
@Component
public class CORSFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, Content-Type, Accept");
response.setHeader("Access-Control-Expose-Headers", "Location");
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
Upvotes: 4
Related Questions
- CORS settings in Spring boot does not work
- CORS support in spring boot and security
- How to allow all requests in spring boot enabled with CORS?
- Spring Boot CORS enable through configuration
- Spring Boot and CORS
- Spring Boot CORS issue
- CORS policy conflict in Spring boot
- global cors configuration does not work in spring boot but indivisual @CrossOrigins work
- Configure Spring for CORS
- Enable CORS Globally in Java