Menu
I want to allow cross origin requests for one domain. My project uses Spring so I want to take advantage of the new CORS support.
I am using version 4.2.0 for all springframework dependencies.
I followed the example here https://spring.io/blog/2015/06/08/cors-support-in-spring-framework#disqus_thread and tried the first version. My controller annotations looks like:
@CrossOrigin(origins = "http://fiddle.jshell.net/", maxAge = 3600)
@Controller
@RequestMapping("/rest")
public class MyController
If I understood correctly the mvc-config is an alternative method. I tried it as well:
<mvc:cors>
<mvc:mapping path="/**"
allowed-origins="http://fiddle.jshell.net/, http://domain2.com"
allowed-methods="GET, PUT"
allowed-headers="header1, header2, header3"
exposed-headers="header1, header2" allow-credentials="false"
max-age="123" />
</mvc:cors>
With either methods, the Response doesn't seem to contain anything like Access-Control-Allow-Origin, neither can I get a result back through a simple query from jsfiddle.
The header info from Chrome developer tools, when ran and accessed from localhost is below. In this case the request is from the same domain and not through javascript, but I thought the CORS annotation would add the access control parameters anyway?
Response Headers:
Content-Length:174869
Content-Type:text/html;charset=UTF-8
Date:Fri, 21 Aug 2015 12:21:09 GMT
Server:Apache-Coyote/1.1
Request Header:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*\/*;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,ro;q=0.6,de;q=0.4,fr;q=0.2
Cache-Control:no-cache
Connection:keep-alive
Cookie:JSESSIONID=831EBC138D2B7E176DF4945ADA05CAC1;_ga=GA1.1.1046500342.1404228238; undefined=0
Host:localhost:8080
Pragma:no-cache
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0(Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
I do not use spring boot and I presume I missed a configuration step.
685
Enable CORS in Controller Method We need to set the origins for RESTful web service by using @CrossOrigin annotation for the controller method. This @CrossOrigin annotation supports specific REST API, and not for the entire application.
Controller Method CORS Configuration This @CrossOrigin annotation enables cross-origin resource sharing only for this specific method. By default, its allows all origins, all headers, and the HTTP methods specified in the @RequestMapping annotation. Also, a maxAge of 30 minutes is used.
RequestMapping annotation is used to map web requests onto specific handler classes and/or handler methods. @RequestMapping can be applied to the controller class as well as methods. Today we will look into various usage of this annotation with example and other annotations @PathVariable and @RequestParam .
In this article, we showed how Spring provides support for enabling CORS in our application. We started with the configuration of the controller. We saw that we only need to add the annotation @CrossOrigin to enable CORS to either one particular method or the entire controller.
I've reproduced this problem for myself. The problem happens when I don't have @EnableWebMvc annotation in my @Configuration annotated class. I've reported this problem as a bug in Sping Jira with details behind it: https://jira.spring.io/browse/SPR-13857
I see the fix either in code or in documentation. Documentation fix would be to state in @CrossOrigin class javadoc that @EnableWebMvc is required, but I'd prefer the fix in code so that cors annotation works without @EnableWebMvc.
179
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
