org.springframework.web.cors.CorsConfiguration Java Examples

The following examples show how to use org.springframework.web.cors.CorsConfiguration. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: WebSecurityConfiguration.java    From microservices-basics-spring-boot with Apache License 2.0 7 votes vote down vote up
@Bean
public CorsConfigurationSource corsConfigurationSource() {
	final CorsConfiguration configuration = new CorsConfiguration();
	configuration.setAllowedOrigins(ImmutableList.of("*"));
	configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));

	// setAllowCredentials(true) is important, otherwise:
	// The value of the 'Access-Control-Allow-Origin' header in the response must
	// not be the wildcard '*' when the request's credentials mode is 'include'.
	configuration.setAllowCredentials(true);

	// setAllowedHeaders is important! Without it, OPTIONS preflight request
	// will fail with 403 Invalid CORS request
	configuration.setAllowedHeaders(ImmutableList.of("*"));

	final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
	source.registerCorsConfiguration("/**", configuration);
	return source;
}
 
Example #2
Source File: WebSecurityConfig.java    From SpringSecurity-JWT-Vue-Deom with MIT License 7 votes vote down vote up
/**
 * 跨域配置
 */
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    // 允许跨域访问的 URL
    List<String> allowedOriginsUrl = new ArrayList<>();
    allowedOriginsUrl.add("http://localhost:8080");
    allowedOriginsUrl.add("http://127.0.0.1:8080");
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    // 设置允许跨域访问的 URL
    config.setAllowedOrigins(allowedOriginsUrl);
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);
    return source;
}
 
Example #3
Source File: RequestMappingHandlerMapping.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Override
protected CorsConfiguration initCorsConfiguration(Object handler, Method method, RequestMappingInfo mappingInfo) {
	HandlerMethod handlerMethod = createHandlerMethod(handler, method);
	Class<?> beanType = handlerMethod.getBeanType();
	CrossOrigin typeAnnotation = AnnotatedElementUtils.findMergedAnnotation(beanType, CrossOrigin.class);
	CrossOrigin methodAnnotation = AnnotatedElementUtils.findMergedAnnotation(method, CrossOrigin.class);

	if (typeAnnotation == null && methodAnnotation == null) {
		return null;
	}

	CorsConfiguration config = new CorsConfiguration();
	updateCorsConfig(config, typeAnnotation);
	updateCorsConfig(config, methodAnnotation);

	if (CollectionUtils.isEmpty(config.getAllowedMethods())) {
		for (RequestMethod allowedMethod : mappingInfo.getMethodsCondition().getMethods()) {
			config.addAllowedMethod(allowedMethod.name());
		}
	}
	return config.applyPermitDefaultValues();
}
 
Example #4
Source File: CrossOriginTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Test
public void ambiguousProducesPreFlightRequest() throws Exception {
	this.handlerMapping.registerHandler(new MethodLevelController());
	this.request.setMethod("OPTIONS");
	this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
	this.request.setRequestURI("/ambiguous-produces");
	HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
	CorsConfiguration config = getCorsConfiguration(chain, true);
	assertNotNull(config);
	assertArrayEquals(new String[] {"*"}, config.getAllowedMethods().toArray());
	assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray());
	assertArrayEquals(new String[] {"*"}, config.getAllowedHeaders().toArray());
	assertTrue(config.getAllowCredentials());
	assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders()));
	assertNull(config.getMaxAge());
}
 
Example #5
Source File: SyndesisCorsConfiguration.java    From syndesis with Apache License 2.0 6 votes vote down vote up
@Bean
public CorsFilter corsFilter() {
    return new CorsFilter(request -> {
        String pathInfo = request.getPathInfo();
        if (pathInfo != null &&
            (pathInfo.endsWith("/openapi.json") ||
             pathInfo.endsWith("/openapi.yaml"))) {
            return new CorsConfiguration().applyPermitDefaultValues();
        }

        CorsConfiguration config = new CorsConfiguration();
        config.setAllowedOrigins(allowedOrigins);
        config.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
        config.applyPermitDefaultValues();
        return config;
    });
}
 
Example #6
Source File: CorsProperties.java    From hsweb-framework with Apache License 2.0 6 votes vote down vote up
CorsConfiguration applyPermitDefaultValues() {
    if (this.allowedOrigins == null) {
        this.addAllowedOrigin();
    }
    if (this.allowedMethods == null) {
        this.setAllowedMethods(Arrays.asList(
                HttpMethod.GET.name(), HttpMethod.HEAD.name(), HttpMethod.POST.name()));
    }
    if (this.allowedHeaders == null) {
        this.addAllowedHeader();
    }
    if (this.allowCredentials == null) {
        this.setAllowCredentials(true);
    }
    if (this.maxAge == null) {
        this.setMaxAge(1800L);
    }
    return this;
}
 
Example #7
Source File: GlobalCorsConfig.java    From mall-tiny with Apache License 2.0 6 votes vote down vote up
/**
 * 允许跨域调用的过滤器
 */
@Bean
public CorsFilter corsFilter() {
    CorsConfiguration config = new CorsConfiguration();
    //允许所有域名进行跨域调用
    config.addAllowedOrigin("*");
    //允许跨越发送cookie
    config.setAllowCredentials(true);
    //放行全部原始头信息
    config.addAllowedHeader("*");
    //允许所有请求方法跨域调用
    config.addAllowedMethod("*");
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
}
 
Example #8
Source File: CorsConfig.java    From balance-transfer-java with Apache License 2.0 6 votes vote down vote up
@Bean
public FilterRegistrationBean corsFilter() {
	UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
	CorsConfiguration config = new CorsConfiguration();
	config.setAllowCredentials(true);
	config.addAllowedOrigin("*");
	config.addAllowedHeader("*");
	config.addAllowedMethod("OPTIONS");
	config.addAllowedMethod("HEAD");
	config.addAllowedMethod("GET");
	config.addAllowedMethod("PUT");
	config.addAllowedMethod("POST");
	config.addAllowedMethod("DELETE");
	config.addAllowedMethod("PATCH");
	source.registerCorsConfiguration("/**", config);
	// return new CorsFilter(source);
	final FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
	bean.setOrder(0);
	return bean;
}
 
Example #9
Source File: RequestMappingHandlerMapping.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Override
protected CorsConfiguration initCorsConfiguration(Object handler, Method method, RequestMappingInfo mappingInfo) {
	HandlerMethod handlerMethod = createHandlerMethod(handler, method);
	Class<?> beanType = handlerMethod.getBeanType();
	CrossOrigin typeAnnotation = AnnotatedElementUtils.findMergedAnnotation(beanType, CrossOrigin.class);
	CrossOrigin methodAnnotation = AnnotatedElementUtils.findMergedAnnotation(method, CrossOrigin.class);

	if (typeAnnotation == null && methodAnnotation == null) {
		return null;
	}

	CorsConfiguration config = new CorsConfiguration();
	updateCorsConfig(config, typeAnnotation);
	updateCorsConfig(config, methodAnnotation);

	if (CollectionUtils.isEmpty(config.getAllowedMethods())) {
		for (RequestMethod allowedMethod : mappingInfo.getMethodsCondition().getMethods()) {
			config.addAllowedMethod(allowedMethod.name());
		}
	}
	return config.applyPermitDefaultValues();
}
 
Example #10
Source File: WebConfigurer.java    From tutorials with MIT License 6 votes vote down vote up
@Bean
public CorsFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = jHipsterProperties.getCors();
    if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) {
        log.debug("Registering CORS filter");
        source.registerCorsConfiguration("/api/**", config);
        source.registerCorsConfiguration("/management/**", config);
        source.registerCorsConfiguration("/v2/api-docs", config);
        source.registerCorsConfiguration("/auth/**", config);
        source.registerCorsConfiguration("/*/api/**", config);
        source.registerCorsConfiguration("/*/management/**", config);
        source.registerCorsConfiguration("/*/oauth/**", config);
    }
    return new CorsFilter(source);
}
 
Example #11
Source File: CrossConfig.java    From swagger-showdoc with Apache License 2.0 6 votes vote down vote up
@Bean
   public FilterRegistrationBean corsFilter() {
       UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
       CorsConfiguration config = new CorsConfiguration();
       config.setAllowCredentials(true);
       // 设置你要允许的网站域名,如果全允许则设为 *
       config.addAllowedOrigin("*");
       // 如果要限制 HEADER 或 METHOD 请自行更改
       config.addAllowedHeader("*");
       config.addAllowedMethod("*");
       source.registerCorsConfiguration("/**", config);
       FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
       // 这个顺序很重要哦,为避免麻烦请设置在最前
       bean.setOrder(0);
       return bean;
}
 
Example #12
Source File: CrossOriginTests.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Test
public void ambiguousProducesPreFlightRequest() throws Exception {
	this.handlerMapping.registerHandler(new MethodLevelController());
	this.request.setMethod("OPTIONS");
	this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
	this.request.setRequestURI("/ambiguous-produces");
	HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
	CorsConfiguration config = getCorsConfiguration(chain, true);
	assertNotNull(config);
	assertArrayEquals(new String[] {"*"}, config.getAllowedMethods().toArray());
	assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray());
	assertArrayEquals(new String[] {"*"}, config.getAllowedHeaders().toArray());
	assertTrue(config.getAllowCredentials());
	assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders()));
	assertNull(config.getMaxAge());
}
 
Example #13
Source File: AbstractHandlerMapping.java    From spring4-understanding with Apache License 2.0 6 votes vote down vote up
/**
 * Look up a handler for the given request, falling back to the default
 * handler if no specific one is found.
 * @param request current HTTP request
 * @return the corresponding handler instance, or the default handler
 * @see #getHandlerInternal
 */
@Override
public final HandlerExecutionChain getHandler(HttpServletRequest request) throws Exception {
	Object handler = getHandlerInternal(request);
	if (handler == null) {
		handler = getDefaultHandler();
	}
	if (handler == null) {
		return null;
	}
	// Bean name or resolved handler?
	if (handler instanceof String) {
		String handlerName = (String) handler;
		handler = getApplicationContext().getBean(handlerName);
	}

	HandlerExecutionChain executionChain = getHandlerExecutionChain(handler, request);
	if (CorsUtils.isCorsRequest(request)) {
		CorsConfiguration globalConfig = this.corsConfigSource.getCorsConfiguration(request);
		CorsConfiguration handlerConfig = getCorsConfiguration(handler, request);
		CorsConfiguration config = (globalConfig != null ? globalConfig.combine(handlerConfig) : handlerConfig);
		executionChain = getCorsHandlerExecutionChain(request, executionChain, config);
	}
	return executionChain;
}
 
Example #14
Source File: HandlerMappingIntrospectorTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Test
public void getCorsConfigurationPreFlight() throws Exception {
	AnnotationConfigWebApplicationContext cxt = new AnnotationConfigWebApplicationContext();
	cxt.register(TestConfig.class);
	cxt.refresh();

	// PRE-FLIGHT

	MockHttpServletRequest request = new MockHttpServletRequest("OPTIONS", "/path");
	request.addHeader("Origin", "http://localhost:9000");
	request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "POST");
	CorsConfiguration corsConfig = getIntrospector(cxt).getCorsConfiguration(request);

	assertNotNull(corsConfig);
	assertEquals(Collections.singletonList("http://localhost:9000"), corsConfig.getAllowedOrigins());
	assertEquals(Collections.singletonList("POST"), corsConfig.getAllowedMethods());
}
 
Example #15
Source File: CrossOriginTests.java    From java-technology-stack with MIT License 5 votes vote down vote up
@Test
public void classLevel() throws Exception {
	this.handlerMapping.registerHandler(new ClassLevelController());

	this.request.setRequestURI("/foo");
	HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
	CorsConfiguration config = getCorsConfiguration(chain, false);
	assertNotNull(config);
	assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray());
	assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray());
	assertFalse(config.getAllowCredentials());

	this.request.setRequestURI("/bar");
	chain = this.handlerMapping.getHandler(request);
	config = getCorsConfiguration(chain, false);
	assertNotNull(config);
	assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray());
	assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray());
	assertFalse(config.getAllowCredentials());

	this.request.setRequestURI("/baz");
	chain = this.handlerMapping.getHandler(request);
	config = getCorsConfiguration(chain, false);
	assertNotNull(config);
	assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray());
	assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray());
	assertTrue(config.getAllowCredentials());
}
 
Example #16
Source File: CrossOriginTests.java    From spring-analysis-note with MIT License 5 votes vote down vote up
@Test // SPR-13468
public void classLevelComposedAnnotation() throws Exception {
	this.handlerMapping.registerHandler(new ClassLevelMappingWithComposedAnnotation());

	this.request.setRequestURI("/foo");
	HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
	CorsConfiguration config = getCorsConfiguration(chain, false);
	assertNotNull(config);
	assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray());
	assertArrayEquals(new String[] {"http://www.foo.com/"}, config.getAllowedOrigins().toArray());
	assertTrue(config.getAllowCredentials());
}
 
Example #17
Source File: CorsUrlHandlerMappingTests.java    From java-technology-stack with MIT License 5 votes vote down vote up
@Test
public void actualRequestWithGlobalCorsConfig() throws Exception {
	CorsConfiguration mappedConfig = new CorsConfiguration();
	mappedConfig.addAllowedOrigin("*");
	this.handlerMapping.setCorsConfigurations(Collections.singletonMap("/welcome.html", mappedConfig));

	String origin = "http://domain2.com";
	ServerWebExchange exchange = createExchange(HttpMethod.GET, "/welcome.html", origin);
	Object actual = this.handlerMapping.getHandler(exchange).block();

	assertNotNull(actual);
	assertSame(this.welcomeController, actual);
	assertEquals("*", exchange.getResponse().getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
}
 
Example #18
Source File: CorsConfig.java    From Pixiv-Illustration-Collection-Backend with Apache License 2.0 5 votes vote down vote up
private CorsConfiguration buildConfig() {
    CorsConfiguration corsConfiguration = new CorsConfiguration();
    corsConfiguration.addAllowedOrigin("*"); // 1允许任何域名使用
    corsConfiguration.addAllowedHeader("*"); // 2允许任何头
    corsConfiguration.addAllowedMethod("*"); // 3允许任何方法(post、get等)
    return corsConfiguration;
}
 
Example #19
Source File: DevelopmentConfig.java    From eds-starter6-jpa with Apache License 2.0 5 votes vote down vote up
@Bean
public FilterRegistrationBean<CorsFilter> corsFilterRegistration() {
	FilterRegistrationBean<CorsFilter> filter = new FilterRegistrationBean<>();
	CorsConfiguration config = new CorsConfiguration();
	config.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
	config.setAllowedMethods(Collections.singletonList(CorsConfiguration.ALL));
	config.setAllowedHeaders(Collections.singletonList(CorsConfiguration.ALL));
	config.setAllowCredentials(true);
	filter.setFilter(new CorsFilter(r -> config));
	filter.setUrlPatterns(Collections.singleton("/*"));
	filter.setOrder(SecurityProperties.DEFAULT_FILTER_ORDER - 1);
	return filter;
}
 
Example #20
Source File: WebConfigurer.java    From albedo with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Bean
public CorsFilter corsFilter() {
	UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
	CorsConfiguration config = applicationProperties.getCors();
	if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) {
		log.debug("Registering CORS filter");
		source.registerCorsConfiguration(applicationProperties.getAdminPath("/**"), config);
		source.registerCorsConfiguration("/management/**", config);
		source.registerCorsConfiguration("/v2/api-docs", config);
	}
	return new CorsFilter(source);
}
 
Example #21
Source File: SecurityManagedConfiguration.java    From hawkbit with Eclipse Public License 1.0 5 votes vote down vote up
@Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.cors", name = "enabled", matchIfMissing = false)
CorsConfigurationSource corsConfigurationSource() {
    final CorsConfiguration restCorsConfiguration = new CorsConfiguration();

    restCorsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
    restCorsConfiguration.setAllowCredentials(true);
    restCorsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
    restCorsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());

    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/rest/**", restCorsConfiguration);

    return source;
}
 
Example #22
Source File: WebConfigurer.java    From jhipster-ribbon-hystrix with GNU General Public License v3.0 5 votes vote down vote up
@Bean
public CorsFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = jHipsterProperties.getCors();
    if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) {
        source.registerCorsConfiguration("/api/**", config);
        source.registerCorsConfiguration("/v2/api-docs", config);
        source.registerCorsConfiguration("/oauth/**", config);
    }
    return new CorsFilter(source);
}
 
Example #23
Source File: CorsRegistry.java    From spring4-understanding with Apache License 2.0 5 votes vote down vote up
protected Map<String, CorsConfiguration> getCorsConfigurations() {
	Map<String, CorsConfiguration> configs = new LinkedHashMap<String, CorsConfiguration>(this.registrations.size());
	for (CorsRegistration registration : this.registrations) {
		configs.put(registration.getPathPattern(), registration.getCorsConfiguration());
	}
	return configs;
}
 
Example #24
Source File: DefaultCorsProcessor.java    From java-technology-stack with MIT License 5 votes vote down vote up
@Override
public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange) {

	ServerHttpRequest request = exchange.getRequest();
	ServerHttpResponse response = exchange.getResponse();

	if (!CorsUtils.isCorsRequest(request)) {
		return true;
	}

	if (responseHasCors(response)) {
		logger.trace("Skip: response already contains \"Access-Control-Allow-Origin\"");
		return true;
	}

	if (CorsUtils.isSameOrigin(request)) {
		logger.trace("Skip: request is from same origin");
		return true;
	}

	boolean preFlightRequest = CorsUtils.isPreFlightRequest(request);
	if (config == null) {
		if (preFlightRequest) {
			rejectRequest(response);
			return false;
		}
		else {
			return true;
		}
	}

	return handleInternal(exchange, config, preFlightRequest);
}
 
Example #25
Source File: SecurityConfig.java    From incubator-wikift with Apache License 2.0 5 votes vote down vote up
@Bean
public FilterRegistrationBean corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    source.registerCorsConfiguration("/**", config);
    FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
    bean.setOrder(0);
    return bean;
}
 
Example #26
Source File: AbstractHandlerMethodMapping.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
public void register(T mapping, Object handler, Method method) {
	this.readWriteLock.writeLock().lock();
	try {
		HandlerMethod handlerMethod = createHandlerMethod(handler, method);
		assertUniqueMethodMapping(handlerMethod, mapping);

		if (logger.isInfoEnabled()) {
			logger.info("Mapped \"" + mapping + "\" onto " + handlerMethod);
		}
		this.mappingLookup.put(mapping, handlerMethod);

		List<String> directUrls = getDirectUrls(mapping);
		for (String url : directUrls) {
			this.urlLookup.add(url, mapping);
		}

		String name = null;
		if (getNamingStrategy() != null) {
			name = getNamingStrategy().getName(handlerMethod, mapping);
			addMappingName(name, handlerMethod);
		}

		CorsConfiguration corsConfig = initCorsConfiguration(handler, method, mapping);
		if (corsConfig != null) {
			this.corsLookup.put(handlerMethod, corsConfig);
		}

		this.registry.put(mapping, new MappingRegistration<T>(mapping, handlerMethod, directUrls, name));
	}
	finally {
		this.readWriteLock.writeLock().unlock();
	}
}
 
Example #27
Source File: WebConfigurer.java    From TeamDojo with Apache License 2.0 5 votes vote down vote up
@Bean
public CorsFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = jHipsterProperties.getCors();
    if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) {
        log.debug("Registering CORS filter");
        source.registerCorsConfiguration("/api/**", config);
        source.registerCorsConfiguration("/management/**", config);
        source.registerCorsConfiguration("/v2/api-docs", config);
    }
    return new CorsFilter(source);
}
 
Example #28
Source File: SecurityConfig.java    From xmall with MIT License 5 votes vote down vote up
/**
 * 允许跨域调用的过滤器
 */
@Bean
public CorsFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.addAllowedOrigin("*");
    config.setAllowCredentials(true);
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    source.registerCorsConfiguration("/**", config);
    FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
    bean.setOrder(0);
    return new CorsFilter(source);
}
 
Example #29
Source File: ApplicationConfig.java    From ZTuoExchange_framework with MIT License 5 votes vote down vote up
@Bean
public FilterRegistrationBean corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.addAllowedOrigin("*");
    config.setAllowCredentials(true);
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    source.registerCorsConfiguration("/**", config);
    FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
    bean.setOrder(0);
    return bean;
}
 
Example #30
Source File: CorsConfig.java    From sophia_scaffolding with Apache License 2.0 5 votes vote down vote up
@Bean
public CorsWebFilter corsFilter() {
    CorsConfiguration config = new CorsConfiguration();
    config.addAllowedMethod("*");
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");

    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
    source.registerCorsConfiguration("/**", config);

    return new CorsWebFilter(source);
}