Enabling Cross-Origin Resource Sharing (CORS) in Spring Boot applications can be achieved through several methods, depending on your requirements and the complexity of your configuration. Here are three common approaches to enable CORS.
Method 1: Using the @CrossOrigin Annotation
The simplest approach is to apply the @CrossOrigin annotation to your controller or specific method. This method is ideal for straightforward scenarios, such as allowing access only from a particular origin.
Example:
import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; @RestController @CrossOrigin(origins = "http://example.com") public class MyController { @GetMapping("/data") public String getData() { return "Data from Spring Boot"; } }
In this example, @CrossOrigin(origins = "http://example.com") specifies that only requests from http://example.com can access the /data endpoint.
Method 2: Global CORS Configuration
For configuring CORS across multiple controllers or the entire application, you can implement global CORS settings in your Spring Boot configuration class using WebMvcConfigurer.
Example:
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration public class WebConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOrigins("http://example.com") .allowedMethods("GET", "POST", "PUT", "DELETE") .allowedHeaders("*") .allowCredentials(true); } }
In this configuration, addCorsMappings adds a mapping /**, meaning all endpoints will permit cross-origin requests from http://example.com and support the GET, POST, PUT, and DELETE methods.
Method 3: Using Spring Security
If your application integrates Spring Security, you can include CORS settings within your Spring Security configuration.
Example:
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.cors().and() // Enable CORS .csrf().disable() .authorizeRequests() .antMatchers("/public/**").permitAll() .anyRequest().authenticated(); } }
In this setup, http.cors().and() enables CORS, while subsequent configurations ensure the application's security.
By implementing these methods, you can select the most suitable approach for your specific needs to enable CORS in Spring Boot applications. Each method offers distinct use cases and advantages.