automatically add header to every response

Question

I want to add this header "Access-Control-Allow-Origin", "*" to every response made to the client whenever a request has made for rest controllers in my application to allow cross origin resource sharing Currently I 'm manually adding this header to each and every method like this

HttpHeaders headers = new HttpHeaders(); headers.add("Access-Control-Allow-Origin", "*"); 

Its working but its very frustrating . I found webContentInterceptor in spring docs which allow us to modify headers on each response

<mvc:interceptors> <bean id="webContentInterceptor"  class="org.springframework.web.servlet.mvc.WebContentInterceptor"> <property name="Access-Control-Allow-Origin" value="*"/> </bean> </mvc:interceptors> 

but when i use this it throws error that property not found of name Access-Control-Allow-Origin so is there any other way we can automatically add header to every response

Update ! Spring framework 4.2 greatly simplifies this by adding @CrossOrigin annotation to either a method or a controller itself https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

Answer 1

I recently got into this issue and found this solution. You can use a filter to add these headers :

import java.io.IOException;  import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.web.filter.OncePerRequestFilter;  public class CorsFilter extends OncePerRequestFilter {      @Override     protected void doFilterInternal(HttpServletRequest request,                                     HttpServletResponse response, FilterChain filterChain)             throws ServletException, IOException {             response.addHeader("Access-Control-Allow-Origin", "*");             if (request.getHeader("Access-Control-Request-Method") != null                     && "OPTIONS".equals(request.getMethod())) {                 // CORS "pre-flight" request                 response.addHeader("Access-Control-Allow-Methods",                         "GET, POST, PUT, DELETE");                 response.addHeader("Access-Control-Allow-Headers",                         "X-Requested-With,Origin,Content-Type, Accept");             }             filterChain.doFilter(request, response);     }  } 

Don't forget add the filter to your spring context:

<bean id="corsFilter" class="my.package.CorsFilter" /> 

and the mapping in the web.xml:

<filter>     <filter-name>corsFilter</filter-name>     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter>  <filter-mapping>     <filter-name>corsFilter</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping> 

To go a little further you can specify a Spring profile to enable or disable this filter with something like that:

<beans profile="!cors">     <bean id="corsFilter" class="my.package.FilterChainDoFilter" /> </beans>  <beans profile="cors">     <bean id="corsFilter" class="my.package.CorsFilter" /> </beans> 

(providing the FilterChainDoFilter similar to the CorsFilter but which only does filterChain.doFilter(request, response); in the doFilterInternal(..))