org.springframework.web.cors.CorsConfigurationSource Java Examples

The following examples show how to use org.springframework.web.cors.CorsConfigurationSource. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: WebSecurityConfig.java    From SpringSecurity-JWT-Vue-Deom with MIT License 7 votes vote down vote up
/**
 * 跨域配置
 */
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    // 允许跨域访问的 URL
    List<String> allowedOriginsUrl = new ArrayList<>();
    allowedOriginsUrl.add("http://localhost:8080");
    allowedOriginsUrl.add("http://127.0.0.1:8080");
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    // 设置允许跨域访问的 URL
    config.setAllowedOrigins(allowedOriginsUrl);
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);
    return source;
}
 
Example #2
Source File: WebSecurityConfiguration.java    From microservices-basics-spring-boot with Apache License 2.0 7 votes vote down vote up
@Bean
public CorsConfigurationSource corsConfigurationSource() {
	final CorsConfiguration configuration = new CorsConfiguration();
	configuration.setAllowedOrigins(ImmutableList.of("*"));
	configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));

	// setAllowCredentials(true) is important, otherwise:
	// The value of the 'Access-Control-Allow-Origin' header in the response must
	// not be the wildcard '*' when the request's credentials mode is 'include'.
	configuration.setAllowCredentials(true);

	// setAllowedHeaders is important! Without it, OPTIONS preflight request
	// will fail with 403 Invalid CORS request
	configuration.setAllowedHeaders(ImmutableList.of("*"));

	final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
	source.registerCorsConfiguration("/**", configuration);
	return source;
}
 
Example #3
Source File: LdapSecurityConfiguration.java    From data-highway with Apache License 2.0 6 votes vote down vote up
@Bean
public CorsConfigurationSource corsConfigurationSource() {
  CorsConfiguration configuration = new CorsConfiguration().applyPermitDefaultValues();
  configuration.setAllowedOrigins(ImmutableList.of("*"));
  configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
  // setAllowCredentials(true) is important, otherwise:
  // The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the
  // request's credentials mode is 'include'.
  configuration.setAllowCredentials(true);
  // setAllowedHeaders is important! Without it, OPTIONS preflight request
  // will fail with 403 Invalid CORS request
  configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type"));

  UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  source.registerCorsConfiguration("/**", configuration);
  return source;
}
 
Example #4
Source File: SecurityConfiguration.java    From api-layer with Eclipse Public License 2.0 6 votes vote down vote up
@Bean
CorsConfigurationSource corsConfigurationSource() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    final CorsConfiguration config = new CorsConfiguration();
    List<String> pathsToEnable;
    if (corsEnabled) {
        addCorsRelatedIgnoredHeaders();

        config.setAllowCredentials(true);
        config.addAllowedOrigin(CorsConfiguration.ALL);
        config.setAllowedHeaders(Collections.singletonList(CorsConfiguration.ALL));
        config.setAllowedMethods(allowedCorsHttpMethods());
        pathsToEnable = CORS_ENABLED_ENDPOINTS;
    } else {
        pathsToEnable = Collections.singletonList("/**");
    }
    pathsToEnable.forEach(path -> source.registerCorsConfiguration(path, config));
    return source;
}
 
Example #5
Source File: HandlerMappingIntrospector.java    From foremast with Apache License 2.0 5 votes vote down vote up
@Override
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
    Assert.notNull(this.handlerMappings, "Handler mappings not initialized");
    HttpServletRequest wrapper = new RequestAttributeChangeIgnoringWrapper(request);
    for (HandlerMapping handlerMapping : this.handlerMappings) {
        HandlerExecutionChain handler = null;
        try {
            handler = handlerMapping.getHandler(wrapper);
        }
        catch (Exception ex) {
            // Ignore
        }
        if (handler == null) {
            continue;
        }
        if (handler.getInterceptors() != null) {
            for (HandlerInterceptor interceptor : handler.getInterceptors()) {
                if (interceptor instanceof CorsConfigurationSource) {
                    return ((CorsConfigurationSource) interceptor).getCorsConfiguration(wrapper);
                }
            }
        }
        if (handler.getHandler() instanceof CorsConfigurationSource) {
            return ((CorsConfigurationSource) handler.getHandler()).getCorsConfiguration(wrapper);
        }
    }
    return null;
}
 
Example #6
Source File: NiFiWebApiSecurityConfiguration.java    From nifi with Apache License 2.0 5 votes vote down vote up
@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedMethods(Arrays.asList("HEAD", "GET"));
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/process-groups/*/templates/upload", configuration);
    return source;
}
 
Example #7
Source File: HandlerMappingIntrospector.java    From foremast with Apache License 2.0 5 votes vote down vote up
@Override
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
    Assert.notNull(this.handlerMappings, "Handler mappings not initialized");
    HttpServletRequest wrapper = new RequestAttributeChangeIgnoringWrapper(request);
    for (HandlerMapping handlerMapping : this.handlerMappings) {
        HandlerExecutionChain handler = null;
        try {
            handler = handlerMapping.getHandler(wrapper);
        }
        catch (Exception ex) {
            // Ignore
        }
        if (handler == null) {
            continue;
        }
        if (handler.getInterceptors() != null) {
            for (HandlerInterceptor interceptor : handler.getInterceptors()) {
                if (interceptor instanceof CorsConfigurationSource) {
                    return ((CorsConfigurationSource) interceptor).getCorsConfiguration(wrapper);
                }
            }
        }
        if (handler.getHandler() instanceof CorsConfigurationSource) {
            return ((CorsConfigurationSource) handler.getHandler()).getCorsConfiguration(wrapper);
        }
    }
    return null;
}
 
Example #8
Source File: WebSecurityConfig.java    From BlogManagePlatform with Apache License 2.0 5 votes vote down vote up
/**
 * 跨域资源配置
 * @author Frodez
 * @date 2018-12-04
 */
@Bean
public CorsConfigurationSource corsConfigurationSource() {
	CorsConfiguration configuration = new CorsConfiguration();
	Cors cors = properties.getCors();
	configuration.setAllowedOrigins(cors.getAllowedOrigins());
	configuration.setAllowedMethods(cors.getAllowedMethods());
	configuration.setAllowedHeaders(cors.getAllowedHeaders());
	UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
	source.registerCorsConfiguration("/**", configuration);
	return source;
}
 
Example #9
Source File: SecurityConfigurer.java    From spring-oauth2-keycloak-connector with Apache License 2.0 5 votes vote down vote up
@Bean
public CorsConfigurationSource corsConfigurationSource() {
  UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  if (null != securityProperties.getCorsConfiguration()) {
    source.registerCorsConfiguration("/**", securityProperties.getCorsConfiguration());
  }
  return source;
}
 
Example #10
Source File: SecurityConfiguration.java    From Spring-Boot-2-Fundamentals with MIT License 5 votes vote down vote up
@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Collections.singletonList("https://example.com"));
    configuration.setAllowedMethods(Arrays.asList("GET","POST"));
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}
 
Example #11
Source File: WebSecurityConfig.java    From danyuan-application with Apache License 2.0 5 votes vote down vote up
@Bean
CorsConfigurationSource corsConfigurationSource() {
	CorsConfiguration configuration = new CorsConfiguration();
	configuration.setAllowedOrigins(Arrays.asList("*"));
	configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS", "DELETE"));
	UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
	source.registerCorsConfiguration("/**", configuration);
	return source;
}
 
Example #12
Source File: AbstractHandlerMapping.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Retrieve the CORS configuration for the given handler.
 * @param handler the handler to check (never {@code null}).
 * @param request the current request.
 * @return the CORS configuration for the handler, or {@code null} if none
 * @since 4.2
 */
protected CorsConfiguration getCorsConfiguration(Object handler, HttpServletRequest request) {
	Object resolvedHandler = handler;
	if (handler instanceof HandlerExecutionChain) {
		resolvedHandler = ((HandlerExecutionChain) handler).getHandler();
	}
	if (resolvedHandler instanceof CorsConfigurationSource) {
		return ((CorsConfigurationSource) resolvedHandler).getCorsConfiguration(request);
	}
	return null;
}
 
Example #13
Source File: HandlerMappingIntrospector.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
@Override
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
	Assert.notNull(this.handlerMappings, "Handler mappings not initialized");
	HttpServletRequest wrapper = new RequestAttributeChangeIgnoringWrapper(request);
	for (HandlerMapping handlerMapping : this.handlerMappings) {
		HandlerExecutionChain handler = null;
		try {
			handler = handlerMapping.getHandler(wrapper);
		}
		catch (Exception ex) {
			// Ignore
		}
		if (handler == null) {
			continue;
		}
		if (handler.getInterceptors() != null) {
			for (HandlerInterceptor interceptor : handler.getInterceptors()) {
				if (interceptor instanceof CorsConfigurationSource) {
					return ((CorsConfigurationSource) interceptor).getCorsConfiguration(wrapper);
				}
			}
		}
		if (handler.getHandler() instanceof CorsConfigurationSource) {
			return ((CorsConfigurationSource) handler.getHandler()).getCorsConfiguration(wrapper);
		}
	}
	return null;
}
 
Example #14
Source File: SecurityConfig.java    From springboot-vue.js-bbs with Apache License 2.0 5 votes vote down vote up
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    final CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList("*"));
    configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
    configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
    configuration.setAllowCredentials(false);
    configuration.setMaxAge(3600L);
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/api/**", configuration);
    return source;
}
 
Example #15
Source File: CommonBeanConfiguration.java    From Insights with Apache License 2.0 5 votes vote down vote up
/**
 * used for CORS validation, A container for CORS configuration to validate
 * against the actual origin, HTTP methods, and headers of a given request.
 * 
 * @return
 */
@Bean
public CorsConfigurationSource corsConfigurationSource() {
	LOG.debug("Setting up corsConfigurationSource ");
	CorsConfiguration configuration = new CorsConfiguration();
	configuration.setAllowedOrigins(Arrays.asList("*"));
	configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS", "PUT", "DELETE", "PATCH"));
	configuration.setAllowCredentials(true);
	configuration.setAllowedHeaders(Arrays.asList("*"));
	UrlBasedCorsConfigurationSource sourceCors = new UrlBasedCorsConfigurationSource();
	sourceCors.registerCorsConfiguration("/**", configuration);
	return sourceCors;
}
 
Example #16
Source File: CCRIFHIRServer.java    From careconnect-reference-implementation with Apache License 2.0 5 votes vote down vote up
@Bean
CorsConfigurationSource
corsConfigurationSource() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
    return source;
}
 
Example #17
Source File: AbstractHandlerMapping.java    From spring4-understanding with Apache License 2.0 5 votes vote down vote up
/**
 * Retrieve the CORS configuration for the given handler.
 * @param handler the handler to check (never {@code null}).
 * @param request the current request.
 * @return the CORS configuration for the handler or {@code null}.
 * @since 4.2
 */
protected CorsConfiguration getCorsConfiguration(Object handler, HttpServletRequest request) {
	if (handler instanceof HandlerExecutionChain) {
		handler = ((HandlerExecutionChain) handler).getHandler();
	}
	if (handler instanceof CorsConfigurationSource) {
		return ((CorsConfigurationSource) handler).getCorsConfiguration(request);
	}
	return null;
}
 
Example #18
Source File: SockJsHttpRequestHandler.java    From spring4-understanding with Apache License 2.0 5 votes vote down vote up
@Override
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
	if (this.sockJsService instanceof CorsConfigurationSource) {
		return ((CorsConfigurationSource) this.sockJsService).getCorsConfiguration(request);
	}
	return null;
}
 
Example #19
Source File: SecurityConfiguration.java    From graviteeio-access-management with Apache License 2.0 5 votes vote down vote up
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    final CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.setAllowedOrigins(getPropertiesAsList("http.cors.allow-origin", "*"));
    config.setAllowedHeaders(getPropertiesAsList("http.cors.allow-headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, If-Match, " + DEFAULT_CSRF_HEADER_NAME));
    config.setAllowedMethods(getPropertiesAsList("http.cors.allow-methods", "OPTIONS, GET, POST, PUT, PATCH, DELETE"));
    config.setExposedHeaders(getPropertiesAsList("http.cors.exposed-headers", "ETag, " + DEFAULT_CSRF_HEADER_NAME));
    config.setMaxAge(environment.getProperty("http.cors.max-age", Long.class, 1728000L));

    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);

    return source;
}
 
Example #20
Source File: BasicSecurityConfigurerAdapter.java    From gravitee-management-rest-api with Apache License 2.0 5 votes vote down vote up
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    final CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.setAllowedOrigins(getPropertiesAsList("http.cors.allow-origin", "*"));
    config.setAllowedHeaders(getPropertiesAsList("http.cors.allow-headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, If-Match, " + DEFAULT_CSRF_HEADER_NAME + ", " + DEFAULT_RECAPTCHA_HEADER_NAME));
    config.setAllowedMethods(getPropertiesAsList("http.cors.allow-methods", "OPTIONS, GET, POST, PUT, DELETE, PATCH"));
    config.setExposedHeaders(getPropertiesAsList("http.cors.exposed-headers", "ETag, " + DEFAULT_CSRF_HEADER_NAME));
    config.setMaxAge(environment.getProperty("http.cors.max-age", Long.class, 1728000L));

    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);
    return source;
}
 
Example #21
Source File: BasicSecurityConfigurerAdapter.java    From gravitee-management-rest-api with Apache License 2.0 5 votes vote down vote up
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    final CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.setAllowedOrigins(getPropertiesAsList("http.cors.allow-origin", "*"));
    config.setAllowedHeaders(getPropertiesAsList("http.cors.allow-headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, " + DEFAULT_CSRF_HEADER_NAME + ", " + DEFAULT_RECAPTCHA_HEADER_NAME));
    config.setAllowedMethods(getPropertiesAsList("http.cors.allow-methods", "OPTIONS, GET, POST, PUT, DELETE, PATCH"));
    config.setExposedHeaders(getPropertiesAsList("http.cors.exposed-headers", DEFAULT_CSRF_HEADER_NAME));
    config.setMaxAge(environment.getProperty("http.cors.max-age", Long.class, 1728000L));

    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);
    return source;
}
 
Example #22
Source File: SecurityManagedConfiguration.java    From hawkbit with Eclipse Public License 1.0 5 votes vote down vote up
@Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.cors", name = "enabled", matchIfMissing = false)
CorsConfigurationSource corsConfigurationSource() {
    final CorsConfiguration restCorsConfiguration = new CorsConfiguration();

    restCorsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
    restCorsConfiguration.setAllowCredentials(true);
    restCorsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
    restCorsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());

    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/rest/**", restCorsConfiguration);

    return source;
}
 
Example #23
Source File: SecurityConfiguration.java    From skeleton-ws-spring-boot with Apache License 2.0 5 votes vote down vote up
/**
 * Defines a ConfigurationSource for CORS attributes.
 * 
 * @return A CorsConfigurationSource.
 */
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    final CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(corsProperties.getAllowedOrigins());
    configuration.setAllowedMethods(corsProperties.getAllowedMethods());
    configuration.setAllowedHeaders(corsProperties.getAllowedHeaders());
    configuration.setAllowCredentials(corsProperties.getAllowCredentials());
    configuration.setExposedHeaders(corsProperties.getExposedHeaders());
    configuration.setMaxAge(corsProperties.getMaxAgeSeconds());

    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration(corsProperties.getFilterRegistrationPath(), configuration);
    return source;
}
 
Example #24
Source File: SecurityConfiguration.java    From jwt-security with MIT License 5 votes vote down vote up
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());

    return source;
}
 
Example #25
Source File: SecurityConfigurer.java    From uexam with GNU Affero General Public License v3.0 5 votes vote down vote up
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    final CorsConfiguration configuration = new CorsConfiguration();
    configuration.setMaxAge(3600L);
    configuration.setAllowedOrigins(Collections.singletonList("*"));
    configuration.setAllowedMethods(Collections.singletonList("*"));
    configuration.setAllowCredentials(true);
    configuration.setAllowedHeaders(Collections.singletonList("*"));
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/api/**", configuration);
    return source;
}
 
Example #26
Source File: AbstractHandlerMapping.java    From spring-analysis-note with MIT License 5 votes vote down vote up
/**
 * Retrieve the CORS configuration for the given handler.
 * @param handler the handler to check (never {@code null}).
 * @param request the current request.
 * @return the CORS configuration for the handler, or {@code null} if none
 * @since 4.2
 */
@Nullable
protected CorsConfiguration getCorsConfiguration(Object handler, HttpServletRequest request) {
	Object resolvedHandler = handler;
	if (handler instanceof HandlerExecutionChain) {
		resolvedHandler = ((HandlerExecutionChain) handler).getHandler();
	}
	if (resolvedHandler instanceof CorsConfigurationSource) {
		return ((CorsConfigurationSource) resolvedHandler).getCorsConfiguration(request);
	}
	return null;
}
 
Example #27
Source File: HandlerMappingIntrospector.java    From spring-analysis-note with MIT License 5 votes vote down vote up
@Override
@Nullable
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
	Assert.notNull(this.handlerMappings, "Handler mappings not initialized");
	HttpServletRequest wrapper = new RequestAttributeChangeIgnoringWrapper(request);
	for (HandlerMapping handlerMapping : this.handlerMappings) {
		HandlerExecutionChain handler = null;
		try {
			handler = handlerMapping.getHandler(wrapper);
		}
		catch (Exception ex) {
			// Ignore
		}
		if (handler == null) {
			continue;
		}
		if (handler.getInterceptors() != null) {
			for (HandlerInterceptor interceptor : handler.getInterceptors()) {
				if (interceptor instanceof CorsConfigurationSource) {
					return ((CorsConfigurationSource) interceptor).getCorsConfiguration(wrapper);
				}
			}
		}
		if (handler.getHandler() instanceof CorsConfigurationSource) {
			return ((CorsConfigurationSource) handler.getHandler()).getCorsConfiguration(wrapper);
		}
	}
	return null;
}
 
Example #28
Source File: SockJsHttpRequestHandler.java    From spring-analysis-note with MIT License 5 votes vote down vote up
@Override
@Nullable
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
	if (this.sockJsService instanceof CorsConfigurationSource) {
		return ((CorsConfigurationSource) this.sockJsService).getCorsConfiguration(request);
	}
	return null;
}
 
Example #29
Source File: CrustConfigurerAdapter.java    From Milkomeda with MIT License 5 votes vote down vote up
@Bean
protected CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Collections.singletonList("*"));
    configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "HEAD", "OPTION"));
    configuration.setAllowedHeaders(Collections.singletonList("*"));
    configuration.addExposedHeader(props.getRefreshTokenName());
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}
 
Example #30
Source File: SecurityConfig.java    From datax-web with MIT License 5 votes vote down vote up
@Bean
CorsConfigurationSource corsConfigurationSource() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.addAllowedMethod(Constants.SPLIT_STAR);
    config.applyPermitDefaultValues();
    source.registerCorsConfiguration("/**", config);
    return source;
}