@Override protected void addCorsMappings(CorsRegistry registry) { registry.addMapping("/cors-restricted") .allowedOrigins("http://foo") .allowedMethods("GET", "POST"); registry.addMapping("/cors"); registry.addMapping("/ambiguous") .allowedMethods("GET", "POST"); } }
/** * Enable cross origin request handling for the specified path pattern. * * <p>Exact path mapping URIs (such as {@code "/admin"}) are supported as * well as Ant-style path patterns (such as {@code "/admin/**"}). * * <p>The following defaults are applied to the {@link CorsRegistration}: * <ul> * <li>Allow all origins.</li> * <li>Allow "simple" methods {@code GET}, {@code HEAD} and {@code POST}.</li> * <li>Allow all headers.</li> * <li>Set max age to 1800 seconds (30 minutes).</li> * </ul> */ public CorsRegistration addMapping(String pathPattern) { CorsRegistration registration = new CorsRegistration(pathPattern); this.registrations.add(registration); return registration; }
protected Map<String, CorsConfiguration> getCorsConfigurations() { Map<String, CorsConfiguration> configs = new LinkedHashMap<>(this.registrations.size()); for (CorsRegistration registration : this.registrations) { configs.put(registration.getPathPattern(), registration.getCorsConfiguration()); } return configs; }
@Test public void customizedMapping() { this.registry.addMapping("/foo").allowedOrigins("http://domain2.com", "http://domain2.com") .allowedMethods("DELETE").allowCredentials(false).allowedHeaders("header1", "header2") .exposedHeaders("header3", "header4").maxAge(3600); Map<String, CorsConfiguration> configs = this.registry.getCorsConfigurations(); assertEquals(1, configs.size()); CorsConfiguration config = configs.get("/foo"); assertEquals(Arrays.asList("http://domain2.com", "http://domain2.com"), config.getAllowedOrigins()); assertEquals(Arrays.asList("DELETE"), config.getAllowedMethods()); assertEquals(Arrays.asList("header1", "header2"), config.getAllowedHeaders()); assertEquals(Arrays.asList("header3", "header4"), config.getExposedHeaders()); assertEquals(false, config.getAllowCredentials()); assertEquals(Long.valueOf(3600), config.getMaxAge()); }
@Override public void addCorsMappings(CorsRegistry corsRegistry) { corsRegistry.addMapping("/**") .allowedOrigins("*") .allowedMethods("*") .allowedHeaders("DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range") .maxAge(3600); } }
@Override public void addCorsMappings(CorsRegistry registry) { Cors cors = applicationProperties.getAppConfigs().getCors(); if (cors.getEnabled()) { LOGGER.info("Spring MVC configuration: CORS mappings enabled"); registry.addMapping(cors.getPathPattern()) .allowedOrigins(cors.getAllowedOrigins()) .allowedMethods(cors.getAllowedMethods()) .exposedHeaders(cors.getExposedHeaders()) .allowCredentials(cors.getAllowCredentials()); } else { LOGGER.info("Spring MVC configuration: CORS mappings disabled"); } } };
@Override public void addCorsMappings(final CorsRegistry registry) { registry.addMapping("/**") .allowedHeaders("Access-Control-Allow-Origin", "*", "Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE", "Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept") .allowedOrigins("*") .allowedMethods("*"); } }
protected Map<String, CorsConfiguration> getCorsConfigurations() { Map<String, CorsConfiguration> configs = new LinkedHashMap<>(this.registrations.size()); for (CorsRegistration registration : this.registrations) { configs.put(registration.getPathPattern(), registration.getCorsConfiguration()); } return configs; }
/** * Enable cross origin request handling for the specified path pattern. * * <p>Exact path mapping URIs (such as {@code "/admin"}) are supported as * well as Ant-style path patterns (such as {@code "/admin/**"}). * * <p>By default, all origins, all headers, credentials and {@code GET}, * {@code HEAD}, and {@code POST} methods are allowed, and the max age * is set to 30 minutes. */ public CorsRegistration addMapping(String pathPattern) { CorsRegistration registration = new CorsRegistration(pathPattern); this.registrations.add(registration); return registration; }