Java Code Examples for org.springframework.web.cors.CorsConfiguration#setAllowCredentials()

The following examples show how to use org.springframework.web.cors.CorsConfiguration#setAllowCredentials() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@Bean
public CorsConfigurationSource corsConfigurationSource() {
  CorsConfiguration configuration = new CorsConfiguration().applyPermitDefaultValues();
  configuration.setAllowedOrigins(ImmutableList.of("*"));
  configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
  // setAllowCredentials(true) is important, otherwise:
  // The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the
  // request's credentials mode is 'include'.
  configuration.setAllowCredentials(true);
  // setAllowedHeaders is important! Without it, OPTIONS preflight request
  // will fail with 403 Invalid CORS request
  configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type"));

  UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  source.registerCorsConfiguration("/**", configuration);
  return source;
}
 
Example 2
Source Project: mall-tiny   File: GlobalCorsConfig.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * 允许跨域调用的过滤器
 */
@Bean
public CorsFilter corsFilter() {
    CorsConfiguration config = new CorsConfiguration();
    //允许所有域名进行跨域调用
    config.addAllowedOrigin("*");
    //允许跨越发送cookie
    config.setAllowCredentials(true);
    //放行全部原始头信息
    config.addAllowedHeader("*");
    //允许所有请求方法跨域调用
    config.addAllowedMethod("*");
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
}
 
Example 3
Source Project: swagger-showdoc   File: CrossConfig.java    License: Apache License 2.0 6 votes vote down vote up
@Bean
   public FilterRegistrationBean corsFilter() {
       UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
       CorsConfiguration config = new CorsConfiguration();
       config.setAllowCredentials(true);
       // 设置你要允许的网站域名,如果全允许则设为 *
       config.addAllowedOrigin("*");
       // 如果要限制 HEADER 或 METHOD 请自行更改
       config.addAllowedHeader("*");
       config.addAllowedMethod("*");
       source.registerCorsConfiguration("/**", config);
       FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
       // 这个顺序很重要哦,为避免麻烦请设置在最前
       bean.setOrder(0);
       return bean;
}
 
Example 4
Source Project: NFVO   File: SecurityConfig.java    License: Apache License 2.0 5 votes vote down vote up
@Bean
@ConditionalOnProperty(prefix = "nfvo.security", name = "cors")
public FilterRegistrationBean simpleCorsFilter() {
  UrlBasedCorsConfigurationSource corsConfigurationSource = new UrlBasedCorsConfigurationSource();
  CorsConfiguration corsConfiguration = new CorsConfiguration();
  corsConfiguration.setAllowCredentials(false);
  corsConfiguration.addAllowedOrigin("*");
  corsConfiguration.addAllowedHeader("*");
  corsConfiguration.addAllowedMethod("*");
  corsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
  FilterRegistrationBean bean =
      new FilterRegistrationBean(new CorsFilter(corsConfigurationSource));
  bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
  return bean;
}
 
Example 5
@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.setAllowedOrigins(Arrays.asList("http://localhost:8080"));
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);
    return source;
}
 
Example 6
Source Project: influx-proxy   File: InfluxFilterConfig.java    License: Apache License 2.0 5 votes vote down vote up
@Bean
public FilterRegistrationBean corsFilter() {
	final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
	CorsConfiguration config = new CorsConfiguration();
	config.setAllowCredentials(true);
	config.addAllowedOrigin("*");
	config.addAllowedHeader("*");
	config.addAllowedMethod("*");
	source.registerCorsConfiguration("/**", config);
	FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
	bean.setOrder(0);
	return bean;
}
 
Example 7
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    final CorsConfiguration configuration = new CorsConfiguration();
    configuration.setMaxAge(3600L);
    configuration.setAllowedOrigins(Collections.singletonList("*"));
    configuration.setAllowedMethods(Collections.singletonList("*"));
    configuration.setAllowCredentials(true);
    configuration.setAllowedHeaders(Collections.singletonList("*"));
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/api/**", configuration);
    return source;
}
 
Example 8
Source Project: ChengFeng1.5   File: CorsConfig.java    License: MIT License 5 votes vote down vote up
public CorsConfiguration buildConfig(){
        CorsConfiguration corsConfiguration=new CorsConfiguration();
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        corsConfiguration.addAllowedOrigin("*");
//        corsConfiguration.addExposedHeader("Authorization");
//        corsConfiguration.addExposedHeader(X_TOTAL_COUNT);
        return corsConfiguration;
    }
 
Example 9
Source Project: HIS   File: SecurityConfig.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * 允许跨域调用的过滤器
 */
@Bean
public CorsFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.addAllowedOrigin("*");
    config.setAllowCredentials(true);
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    source.registerCorsConfiguration("/**", config);
    FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
    bean.setOrder(0);
    return new CorsFilter(source);
}
 
Example 10
@Override
protected CorsConfiguration initCorsConfiguration(Object handler, Method method, RequestMappingInfo mappingInfo) {
	HandlerMethod handlerMethod = createHandlerMethod(handler, method);
	CrossOrigin typeAnnotation = AnnotatedElementUtils.findMergedAnnotation(handlerMethod.getBeanType(), CrossOrigin.class);
	CrossOrigin methodAnnotation = AnnotatedElementUtils.findMergedAnnotation(method, CrossOrigin.class);

	if (typeAnnotation == null && methodAnnotation == null) {
		return null;
	}

	CorsConfiguration config = new CorsConfiguration();
	updateCorsConfig(config, typeAnnotation);
	updateCorsConfig(config, methodAnnotation);

	if (CollectionUtils.isEmpty(config.getAllowedOrigins())) {
		config.setAllowedOrigins(Arrays.asList(CrossOrigin.DEFAULT_ORIGINS));
	}
	if (CollectionUtils.isEmpty(config.getAllowedMethods())) {
		for (RequestMethod allowedMethod : mappingInfo.getMethodsCondition().getMethods()) {
			config.addAllowedMethod(allowedMethod.name());
		}
	}
	if (CollectionUtils.isEmpty(config.getAllowedHeaders())) {
		config.setAllowedHeaders(Arrays.asList(CrossOrigin.DEFAULT_ALLOWED_HEADERS));
	}
	if (config.getAllowCredentials() == null) {
		config.setAllowCredentials(CrossOrigin.DEFAULT_ALLOW_CREDENTIALS);
	}
	if (config.getMaxAge() == null) {
		config.setMaxAge(CrossOrigin.DEFAULT_MAX_AGE);
	}
	return config;
}
 
Example 11
Source Project: FlyCms   File: CorsConfig.java    License: MIT License 5 votes vote down vote up
@Bean  //项目加载时,把过滤器生成,来统一管理跨源请求(不用再在每个controller上单独配置)
public CorsFilter corsFilter(){
    //配置跨域访问的过滤器
    //基于url的数据源
    UrlBasedCorsConfigurationSource source=new UrlBasedCorsConfigurationSource();
    CorsConfiguration corsConfiguration=new CorsConfiguration();
    //把允许的跨域源添加到corsConfiguration中
    this.addAllowedOrigins(corsConfiguration);
    corsConfiguration.addAllowedMethod("*");          //不对method做限制,允许所有method请求(get,post....)
    corsConfiguration.addAllowedHeader("*");          //不对head做限制
    corsConfiguration.setAllowCredentials(true);      //允许跨域访问(在响应报文里带上跨域请求的凭证,和浏览器请求里面xhrFields相匹配,前后端才能正常通信)
    source.registerCorsConfiguration("/**",corsConfiguration);   //指定对当前这个服务下的所有请求都启用corsConfiguration的配置
    return new CorsFilter(source);
}
 
Example 12
Source Project: SpringAll   File: WebConfigurer.java    License: MIT License 5 votes vote down vote up
@Bean
public FilterRegistrationBean corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*");
    source.registerCorsConfiguration("/**", config);
    FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
    bean.setOrder(0);
    return bean;
}
 
Example 13
Source Project: cola-cloud   File: GatewayApplication.java    License: MIT License 5 votes vote down vote up
@Bean
public CorsFilter corsFilter() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    final CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.setMaxAge(18000L);
    config.addAllowedMethod("*");
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
}
 
Example 14
Source Project: crnk-framework   File: CorsConfig.java    License: Apache License 2.0 5 votes vote down vote up
@Bean
public FilterRegistrationBean corsFilter() {
	final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
	CorsConfiguration config = new CorsConfiguration();
	config.setAllowCredentials(true);
	config.addAllowedOrigin("*"); // @Value: http://localhost:8080
	config.addAllowedHeader("*");
	config.addAllowedMethod("*");
	source.registerCorsConfiguration("/**", config);
	FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
	bean.setOrder(0);
	return bean;
}
 
Example 15
@Bean
public FilterRegistrationBean<CorsFilter> simpleCorsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.setAllowedOrigins(Collections.singletonList("*"));
    config.setAllowedMethods(Collections.singletonList("*"));
    config.setAllowedHeaders(Collections.singletonList("*"));
    source.registerCorsConfiguration("/**", config);
    FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
    bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
    return bean;
}
 
Example 16
/**
 * 跨域支持
 *
 * @return
 */
@Bean
public CorsFilter corsFilter() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    final CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true); // 允许cookies跨域
    config.addAllowedOrigin("*");// #允许向该服务器提交请求的URI,*表示全部允许
    config.addAllowedHeader("*");// #允许访问的头信息,*表示全部
    config.setMaxAge(18000L);// 预检请求的缓存时间(秒),即在这个时间段里,对于相同的跨域请求不会再预检了
    config.addAllowedMethod("*");// 允许提交请求的方法,*表示全部允许
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
}
 
Example 17
/**
 * 跨域支持
 *
 * @return
 */
@Bean
public CorsFilter corsFilter() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    final CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true); // 允许cookies跨域
    config.addAllowedOrigin("*");// #允许向该服务器提交请求的URI,*表示全部允许
    config.addAllowedHeader("*");// #允许访问的头信息,*表示全部
    config.setMaxAge(18000L);// 预检请求的缓存时间(秒),即在这个时间段里,对于相同的跨域请求不会再预检了
    config.addAllowedMethod("*");// 允许提交请求的方法,*表示全部允许
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
}
 
Example 18
Source Project: luckyBlog   File: WebMvcConf.java    License: Apache License 2.0 5 votes vote down vote up
@Bean
public CorsFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowCredentials(true);
    configuration.addAllowedOrigin("*");
    configuration.addAllowedHeader("*");
    configuration.setAllowedMethods(Arrays.asList("GET", "PUT", "POST", "DELETE"));
    source.registerCorsConfiguration("/**", configuration);
    return new CorsFilter(source);
}
 
Example 19
/**
 * 跨域支持
 *
 * @return
 */
@Bean
public CorsFilter corsFilter() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    final CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true); // 允许cookies跨域
    config.addAllowedOrigin("*");// #允许向该服务器提交请求的URI,*表示全部允许
    config.addAllowedHeader("*");// #允许访问的头信息,*表示全部
    config.setMaxAge(18000L);// 预检请求的缓存时间(秒),即在这个时间段里,对于相同的跨域请求不会再预检了
    config.addAllowedMethod("*");// 允许提交请求的方法,*表示全部允许
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
}
 
Example 20
@Bean
public CorsFilter corsFilter() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    final CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true); // 允许cookies跨域
    config.addAllowedOrigin("*");// #允许向该服务器提交请求的URI,*表示全部允许
    config.addAllowedHeader("*");// #允许访问的头信息,*表示全部
    config.setMaxAge(18000L);// 预检请求的缓存时间(秒),即在这个时间段里,对于相同的跨域请求不会再预检了
    config.addAllowedMethod("*");// 允许提交请求的方法,*表示全部允许
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
}