Global CORS configuration breaks when migrating to Spring Boot 2.0.x

I'm using spring boot 2.0.2. I have the same issue, but I use the following code to fix it. Does anybody have the best way? 

//    Miss `Access-Control-Allow-Origin` header in response using this bean. 
//    @Bean
//    CorsConfigurationSource corsConfigurationSource() {
//        CorsConfiguration configuration = new CorsConfiguration();
//        configuration.setAllowCredentials(true);
//        configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
//        configuration.addAllowedMethod("*");
//        configuration.setAllowedOrigins(this.getAllowedOrigins());
//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//        source.registerCorsConfiguration("/**", configuration);
//        return source;
//    }

    @Bean
    public FilterRegistrationBean<CorsFilter> initCorsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
        config.addAllowedMethod("*");
        config.setAllowedOrigins(this.getAllowedOrigins());
        source.registerCorsConfiguration("/**", config);
        FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return bean;
    }

This was missing from the Spring doc and many examples but the answer was very easy. I just saw the allowCredentials() method on CorsRegistry and added .allowCredentials(true) to the registry method chain and that added the Access-Control-Allow-Credentials header back in.

Also, I no longer use the deprecated WebMvcConfigurerAdapter, but now implement WebMvcConfigurer and override the addCorsMappings() method.

@Configuration
public class CorsConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {

        registry.addMapping("/**")
                .allowedOrigins(
                        "http://localhost:3000",..)
                .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD")
                .allowCredentials(true)
        ;
    }
    
}

If you are using Spring Boot 2.0.x

CORS support is disabled by default and is only enabled once the management.endpoints.web.cors.allowed-origins property has been set. The following configuration permits GET and POST calls from the example.com domain:

management.endpoints.web.cors.allowed-origins=http://example.com management.endpoints.web.cors.allowed-methods=GET,POST

For more information refer

Tags:

Cors

Spring Boot

Related

Firefox can't connect to a local site, but Chrome can C++11 lambda capture `this` and capture local variables by value Hamcrest - Matchers.hasProperty: how to check if a List of objects contains an object with a concrete value Multiple dex files define Lcom/google/android/gms/internal/measurement/zzabn MongoDB No converter found capable of converting from type [java.lang.String] to type [java.time.LocalDateTime] Add a druid cluster as a SQL database in Apache Superset "code ." command is not working MIME type error with express.static and CSS files How do I get the Firestore document ID when using FirestoreRecyclerAdapter? Unable to get object metadata from S3. Check object key, region and/or access permissions in aws Rekognition How to do Phone Authentication in Flutter using Firebase? How can dataclasses be made to work better with __slots__?

Recent Posts