CORS Configuration Examples for Spring Boot

Explore practical examples of CORS configuration in Spring Boot for seamless API integration.
By Jamie

Understanding CORS in Spring Boot

Cross-Origin Resource Sharing (CORS) is a security feature implemented in web browsers that allows or restricts resources requested from different origins. In the context of APIs, proper CORS configuration is essential for enabling applications hosted on different domains to interact with your Spring Boot API. Below are three practical examples of CORS configuration in Spring Boot to help you effectively set up your API.

Example 1: Global CORS Configuration

Use Case

This example demonstrates how to configure CORS globally for all endpoints in a Spring Boot application, allowing requests from specific origins.

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebConfig implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")  // Allow all endpoints
                .allowedOrigins("https://example.com", "https://another-example.com")  // Specify allowed origins
                .allowedMethods("GET", "POST", "PUT", "DELETE")  // Specify allowed methods
                .allowedHeaders("*")  // Allow all headers
                .allowCredentials(true);  // Allow credentials
    }
}

Notes

  • This configuration applies to all endpoints in your application. Adjust the addMapping method if you want to restrict it to specific paths.
  • The allowedOrigins method takes an array of origins that you want to permit.
  • Ensure that allowCredentials is set to true only if you are handling authentication.

Example 2: CORS Configuration for Specific Controller

Use Case

In this example, we configure CORS for a specific controller, providing a more fine-grained control over which origins can access its endpoints.

import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@CrossOrigin(origins = "https://specific-client.com", allowedHeaders = "*", allowCredentials = "true")
public class SpecificController {
    @GetMapping("/data")
    public String getData() {
        return "This is data from the specific controller.";
    }
}

Notes

  • The @CrossOrigin annotation can be added directly to the controller or individual handler methods.
  • By specifying allowedHeaders, you can control which headers can be sent in the requests.
  • Use this approach when you want to restrict access to a particular controller without affecting the global configuration.

Example 3: CORS Configuration Using Properties File

Use Case

For developers looking to manage CORS settings through properties, this example shows how to set CORS configurations in the application.properties file.

## application.properties
## CORS Configuration
spring.web.cors.allowed-origin-patterns=https://*.example.com
spring.web.cors.allow-credentials=true
spring.web.cors.allowed-methods=GET,POST,PUT,DELETE
spring.web.cors.allowed-headers=*

Notes

  • This method provides a convenient way to manage configurations without modifying Java code, making it easier to adjust settings during deployment.
  • The allowed-origin-patterns allows wildcard patterns, which can be useful for subdomain configurations.
  • Ensure that your Spring Boot version supports these properties; they were introduced in Spring Boot 2.4.

By employing these examples of CORS configuration for Spring Boot, you can effectively manage cross-origin requests, enhancing the security and functionality of your API.