Java Code Examples for org.springframework.web.cors.CorsConfiguration#setAllowedOrigins()
The following examples show how to use
org.springframework.web.cors.CorsConfiguration#setAllowedOrigins() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SpringBootPlusCorsConfig.java From spring-boot-plus with Apache License 2.0 | 8 votes |
/**
* CORS跨域设置
*
* @return
*/
@Bean
public FilterRegistrationBean corsFilter(SpringBootPlusCorsProperties corsProperties) {
log.debug("corsProperties:{}", corsProperties);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
// 跨域配置
corsConfiguration.setAllowedOrigins(corsProperties.getAllowedOrigins());
corsConfiguration.setAllowedHeaders(corsProperties.getAllowedHeaders());
corsConfiguration.setAllowedMethods(corsProperties.getAllowedMethods());
corsConfiguration.setAllowCredentials(corsProperties.isAllowCredentials());
corsConfiguration.setExposedHeaders(corsProperties.getExposedHeaders());
corsConfiguration.setMaxAge(corsConfiguration.getMaxAge());
source.registerCorsConfiguration(corsProperties.getPath(), corsConfiguration);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
bean.setEnabled(corsProperties.isEnable());
return bean;
}
Example 2
Source File: WebSecurityConfiguration.java From microservices-basics-spring-boot with Apache License 2.0 | 7 votes |
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(ImmutableList.of("*"));
configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
// setAllowCredentials(true) is important, otherwise:
// The value of the 'Access-Control-Allow-Origin' header in the response must
// not be the wildcard '*' when the request's credentials mode is 'include'.
configuration.setAllowCredentials(true);
// setAllowedHeaders is important! Without it, OPTIONS preflight request
// will fail with 403 Invalid CORS request
configuration.setAllowedHeaders(ImmutableList.of("*"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
Example 3
Source File: WebSecurityConfig.java From SpringSecurity-JWT-Vue-Deom with MIT License | 7 votes |
/**
* 跨域配置
*/
@Bean
public CorsConfigurationSource corsConfigurationSource() {
// 允许跨域访问的 URL
List<String> allowedOriginsUrl = new ArrayList<>();
allowedOriginsUrl.add("http://localhost:8080");
allowedOriginsUrl.add("http://127.0.0.1:8080");
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
// 设置允许跨域访问的 URL
config.setAllowedOrigins(allowedOriginsUrl);
config.addAllowedHeader("*");
config.addAllowedMethod("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
return source;
}
Example 4
Source File: LdapSecurityConfiguration.java From data-highway with Apache License 2.0 | 6 votes |
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration().applyPermitDefaultValues();
configuration.setAllowedOrigins(ImmutableList.of("*"));
configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
// setAllowCredentials(true) is important, otherwise:
// The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the
// request's credentials mode is 'include'.
configuration.setAllowCredentials(true);
// setAllowedHeaders is important! Without it, OPTIONS preflight request
// will fail with 403 Invalid CORS request
configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
Example 5
Source File: SyndesisCorsConfiguration.java From syndesis with Apache License 2.0 | 6 votes |
@Bean
public CorsFilter corsFilter() {
return new CorsFilter(request -> {
String pathInfo = request.getPathInfo();
if (pathInfo != null &&
(pathInfo.endsWith("/openapi.json") ||
pathInfo.endsWith("/openapi.yaml"))) {
return new CorsConfiguration().applyPermitDefaultValues();
}
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOrigins(allowedOrigins);
config.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
config.applyPermitDefaultValues();
return config;
});
}
Example 6
Source File: GatewayConfiguration.java From open-cloud with MIT License | 6 votes |
/**
* 跨域配置
*
* @return
*/
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedHeaders(Lists.newArrayList(ALLOWED_HEADERS.split(",")));
config.setAllowedOrigins(Lists.newArrayList(ALLOWED_ORIGIN.split(",")));
config.setAllowedMethods(Lists.newArrayList(ALLOWED_METHODS.split(",")));
config.setMaxAge(MAX_AGE);
config.addExposedHeader(ALLOWED_EXPOSE);
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
//最大优先级,设置0不好使
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
log.info("CorsFilter [{}]", bean);
return bean;
}
Example 7
Source File: SecurityConfig.java From openvidu with Apache License 2.0 | 5 votes |
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOrigins(Arrays.asList("*"));
config.setAllowedHeaders(Arrays.asList("*"));
config.setAllowedMethods(Arrays.asList("*"));
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
Example 8
Source File: SecurityConfig.java From springboot-vue.js-bbs with Apache License 2.0 | 5 votes |
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
configuration.setAllowCredentials(false);
configuration.setMaxAge(3600L);
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/api/**", configuration);
return source;
}
Example 9
Source File: SecurityCorsConfiguration.java From bootshiro with MIT License | 5 votes |
@SuppressWarnings("unchecked")
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setAllowedOrigins(Arrays.asList(CorsConfiguration.ALL));
corsConfiguration.setAllowedHeaders(Arrays.asList(CorsConfiguration.ALL));
corsConfiguration.setAllowedMethods(Arrays.asList(CorsConfiguration.ALL));
source.registerCorsConfiguration("/**", corsConfiguration);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return bean;
}
Example 10
Source File: AbstractSockJsService.java From java-technology-stack with MIT License | 5 votes |
@Override
@Nullable
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
if (!this.suppressCors && CorsUtils.isCorsRequest(request)) {
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOrigins(new ArrayList<>(this.allowedOrigins));
config.addAllowedMethod("*");
config.setAllowCredentials(true);
config.setMaxAge(ONE_YEAR);
config.addAllowedHeader("*");
return config;
}
return null;
}
Example 11
Source File: ApiGatewayApplication.java From java-microservices-examples with Apache License 2.0 | 5 votes |
@Bean
public FilterRegistrationBean<CorsFilter> simpleCorsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOrigins(Collections.singletonList("*"));
config.setAllowedMethods(Collections.singletonList("*"));
config.setAllowedHeaders(Collections.singletonList("*"));
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return bean;
}
Example 12
Source File: SecurityConfiguration.java From java-microservices-examples with Apache License 2.0 | 5 votes |
@Bean
CorsWebFilter corsWebFilter() {
CorsConfiguration corsConfig = new CorsConfiguration();
corsConfig.setAllowedOrigins(List.of("*"));
corsConfig.setMaxAge(3600L);
corsConfig.addAllowedMethod("*");
corsConfig.addAllowedHeader("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", corsConfig);
return new CorsWebFilter(source);
}
Example 13
Source File: CorsAutoConfiguration.java From hsweb-framework with Apache License 2.0 | 5 votes |
private CorsConfiguration buildConfiguration(CorsProperties.CorsConfiguration config) {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowedHeaders(config.getAllowedHeaders());
corsConfiguration.setAllowedMethods(config.getAllowedMethods());
corsConfiguration.setAllowedOrigins(config.getAllowedOrigins());
corsConfiguration.setAllowCredentials(config.getAllowCredentials());
corsConfiguration.setExposedHeaders(config.getExposedHeaders());
corsConfiguration.setMaxAge(config.getMaxAge());
return corsConfiguration;
}
Example 14
Source File: BasicSecurityConfigurerAdapter.java From gravitee-management-rest-api with Apache License 2.0 | 5 votes |
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOrigins(getPropertiesAsList("http.cors.allow-origin", "*"));
config.setAllowedHeaders(getPropertiesAsList("http.cors.allow-headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, If-Match, " + DEFAULT_CSRF_HEADER_NAME + ", " + DEFAULT_RECAPTCHA_HEADER_NAME));
config.setAllowedMethods(getPropertiesAsList("http.cors.allow-methods", "OPTIONS, GET, POST, PUT, DELETE, PATCH"));
config.setExposedHeaders(getPropertiesAsList("http.cors.exposed-headers", "ETag, " + DEFAULT_CSRF_HEADER_NAME));
config.setMaxAge(environment.getProperty("http.cors.max-age", Long.class, 1728000L));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
return source;
}
Example 15
Source File: ResourceServerMain.java From spring-oauth-example with MIT License | 5 votes |
/**
* This special filter is needed so unauthorized request that are rejected by Spring security
* still have CORS headers.
* For some reason he {@code bean.setOrder} call is not enough, the configuration also needs
* {@code security.filter-order=5} for the CORS filter to be in front of the Spring Security
* filter.
*/
@Bean
public FilterRegistrationBean corsFilter() {
//based on https://github.com/spring-projects/spring-boot/issues/5834
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOrigins(Collections.singletonList("*"));
config.setAllowedMethods(Collections.singletonList("*"));
config.setAllowedHeaders(Collections.singletonList("*"));
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
Example 16
Source File: WebSecurityConfig.java From danyuan-application with Apache License 2.0 | 5 votes |
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS", "DELETE"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
Example 17
Source File: SecurityConfiguration.java From Spring-Boot-2-Fundamentals with MIT License | 5 votes |
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("https://example.com"));
configuration.setAllowedMethods(Arrays.asList("GET","POST"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
Example 18
Source File: DevelopmentConfig.java From eds-starter6-jpa with Apache License 2.0 | 5 votes |
@Bean
public FilterRegistrationBean<CorsFilter> corsFilterRegistration() {
FilterRegistrationBean<CorsFilter> filter = new FilterRegistrationBean<>();
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
config.setAllowedMethods(Collections.singletonList(CorsConfiguration.ALL));
config.setAllowedHeaders(Collections.singletonList(CorsConfiguration.ALL));
config.setAllowCredentials(true);
filter.setFilter(new CorsFilter(r -> config));
filter.setUrlPatterns(Collections.singleton("/*"));
filter.setOrder(SecurityProperties.DEFAULT_FILTER_ORDER - 1);
return filter;
}
Example 19
Source File: CommonBeanConfiguration.java From Insights with Apache License 2.0 | 5 votes |
/**
* used for CORS validation, A container for CORS configuration to validate
* against the actual origin, HTTP methods, and headers of a given request.
*
* @return
*/
@Bean
public CorsConfigurationSource corsConfigurationSource() {
LOG.debug("Setting up corsConfigurationSource ");
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS", "PUT", "DELETE", "PATCH"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("*"));
UrlBasedCorsConfigurationSource sourceCors = new UrlBasedCorsConfigurationSource();
sourceCors.registerCorsConfiguration("/**", configuration);
return sourceCors;
}
Example 20
Source File: HandlerMethodMappingTests.java From java-technology-stack with MIT License | 4 votes |
@Override
protected CorsConfiguration initCorsConfiguration(Object handler, Method method, String mapping) {
CorsConfiguration corsConfig = new CorsConfiguration();
corsConfig.setAllowedOrigins(Collections.singletonList("http://" + handler.hashCode() + method.getName()));
return corsConfig;
}