I found an example on how to set CORS headers in a Spring Boot application. Since we have many origins, I need to add them. Is the following valid?
@Configuration
The way you are setting it will only set the third origin, and the other two will be gone.
If you want all three origins to be set, then you need to pass them as comma-separated Strings.
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Pass every origin in a single varargs call.
        registry.addMapping("/api/**")
                .allowedOrigins("http://domain1.com", "http://domain2.com",
                        "http://domain3.com");
    }
You can find the actual code here:
https://github.com/spring-projects/spring-framework/blob/00d2606b000f9bdafbd7f4a16b6599fb51b53fa4/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/CorsRegistration.java#L61
https://github.com/spring-projects/spring-framework/blob/31aed61d1543f9f24a82a204309c0afb71dd3912/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java#L122
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.context.annotation.PropertySource;
    import org.springframework.core.env.Environment;
    import org.springframework.web.servlet.config.annotation.CorsRegistry;
    import org.springframework.web.servlet.config.annotation.EnableWebMvc;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

    @Configuration
    @EnableWebMvc
    @PropertySource("classpath:config.properties")
    public class CorsClass extends WebMvcConfigurerAdapter {

        @Autowired
        private Environment environment;

        @Override
        public void addCorsMappings(CorsRegistry registry) {
            String origins = environment.getProperty("origins");
            registry.addMapping("/api/**")
                    .allowedOrigins(origins.split(","));
        }
    }
If you're using a global CORS configuration with Spring Boot and want to add multiple domains, this is how I've done it:
In your property file, you can add your property and domains as below:
allowed.origins=*.someurl.com,*.otherurl.com,*.someotherurl.com
And your Config class:
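    import java.util.List;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpHeaders;
    import org.springframework.http.HttpMethod;
    import org.springframework.web.client.RestTemplate;
    import org.springframework.web.servlet.config.annotation.CorsRegistry;
    import org.springframework.web.servlet.config.annotation.EnableWebMvc;
    import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

    @EnableWebMvc
    @Configuration
    public class AppConfig extends WebMvcConfigurerAdapter {

        private static final Logger logger = LoggerFactory.getLogger(AppConfig.class);

        // SpEL splits the comma-separated property into a list.
        @Value("#{'${allowed.origins}'.split(',')}")
        private List<String> rawOrigins;

        @Bean
        public RestTemplate restTemplate() {
            return new RestTemplate();
        }

        @Bean
        public WebMvcConfigurer corsConfigurer() {
            return new WebMvcConfigurerAdapter() {
                @Override
                public void addCorsMappings(CorsRegistry registry) {
                    logger.info("Adding CORS to the service");
                    registry.addMapping("/**")
                            .allowedOrigins(getOrigin())
                            .allowedMethods(HttpMethod.GET.name(), HttpMethod.POST.name(), HttpMethod.OPTIONS.name())
                            .allowedHeaders(HttpHeaders.AUTHORIZATION, HttpHeaders.CONTENT_TYPE, "accessToken", "CorrelationId", "source")
                            .exposedHeaders(HttpHeaders.AUTHORIZATION, HttpHeaders.CONTENT_TYPE, "accessToken", "CorrelationId", "source")
                            .maxAge(4800);
                }

                /**
                 * This is to add Swagger to work when CORS is enabled
                 */
                @Override
                public void addResourceHandlers(ResourceHandlerRegistry registry) {
                    registry.addResourceHandler("swagger-ui.html")
                            .addResourceLocations("classpath:/META-INF/resources/");
                    registry.addResourceHandler("/webjars/**")
                            .addResourceLocations("classpath:/META-INF/resources/webjars/");
                }
            };
        }

        public String[] getOrigin() {
            int size = rawOrigins.size();
            String[] originArray = new String[size];
            return rawOrigins.toArray(originArray);
        }
    }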
Hope this helps you and others who are looking for Spring-enabled CORS.
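A stricter take on the `origins.split(",")` and `allowed.origins` handling in the two property-based answers above, as an added example that is not part of the original posts. `OriginListParser` and its rules are hypothetical and use only the JDK (Java 11+); the sample values are constructed. It trims each entry and refuses anything that is not an exact `scheme://host[:port]` origin, so a bad property fails at startup.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

// Added example: OriginListParser is a hypothetical helper, not Spring API.
public class OriginListParser {
    // Splits a comma-separated property into exact origins and fails at startup
    // on entries that an exact-match allow-list could never match.
    static String[] parse(String property) {
        if (property == null || property.isBlank()) {
            throw new IllegalStateException("origins property is missing or empty");
        }
        List<String> origins = new ArrayList<>();
        for (String raw : property.split(",")) {
            String candidate = raw.trim(); // "a, b" must not yield " b"
            if (!candidate.isEmpty()) {    // skip gaps left by stray commas
                origins.add(requireExactOrigin(candidate));
            }
        }
        return origins.toArray(new String[0]);
    }

    // An origin is scheme://host[:port]: no path, query, fragment, user info or wildcard.
    static String requireExactOrigin(String candidate) {
        URI uri = URI.create(candidate); // IllegalArgumentException on bad syntax
        String scheme = uri.getScheme();
        boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        boolean bare = uri.getHost() != null && uri.getRawUserInfo() == null
                && uri.getRawPath().isEmpty() && uri.getRawQuery() == null && uri.getRawFragment() == null;
        if (candidate.contains("*") || !web || !bare) {
            throw new IllegalArgumentException("not an exact origin: " + candidate);
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println(String.join(" | ",
                parse("http://domain1.com, http://domain2.com ,http://domain3.com,")));
        for (String bad : List.of("*.someurl.com", "domain1.com", "http://domain1.com/api")) {
            try {
                parse(bad);
                throw new AssertionError("accepted " + bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```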
This would not work; try instead:
    registry.addMapping("/api/**")
            .allowedOrigins(
                    "http://domain1.com",
                    "http://domain2.com",
                    "http://domain3.com");
See also the Spring reference on CORS.
Create your custom annotation and annotate the API with that.
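    import java.lang.annotation.ElementType;
    import java.lang.annotation.Retention;
    import java.lang.annotation.RetentionPolicy;
    import java.lang.annotation.Target;
    import org.springframework.core.annotation.AliasFor;
    import org.springframework.web.bind.annotation.CrossOrigin;

    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.METHOD})
    @CrossOrigin
    public @interface CrossOriginsList {
        // Map this attribute onto @CrossOrigin's "origins"; without the alias the
        // list is never read and the bare @CrossOrigin above permits every origin.
        @AliasFor(annotation = CrossOrigin.class, attribute = "origins")
        public String[] crossOrigins() default {
            "http://domain1.com", "http://domain1.com",
            "http://domain1.com", "http://domain1.com"
            // Pass as many as you want
        };
    }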
And now annotate your API with this custom annotation:
    @CrossOriginsList
    public String methodName() throws Exception {
        // Business logic
    }
Worked perfectly fine for me!
resources/application.yaml
    server:
      port: 8080
      servlet:
        contextPath: /your-service
      jetty:
        acceptors: 1
        maxHttpPostSize: 0
      cors:
        origins:
          - http://localhost:3001
          - https://app.mydomainnnn.com
          - https://app.yourrrrdooomain.com
config/Config.java
    package com.service.config;

    import org.springframework.boot.context.properties.ConfigurationProperties;
    import org.springframework.boot.context.properties.EnableConfigurationProperties;
    import org.springframework.context.annotation.Configuration;
    import java.util.ArrayList;
    import java.util.List;

    @Configuration
    @EnableConfigurationProperties
    @ConfigurationProperties("server")
    public class Config {

        private int port;
        private Cors cors;

        public int getPort() {
            return this.port;
        }

        public void setPort(int port) {
            this.port = port;
        }

        public Cors getCors() {
            return this.cors;
        }

        public void setCors(Cors cors) {
            this.cors = cors;
        }

        public static class Cors {

            private List<String> origins = new ArrayList<>();

            public List<String> getOrigins() {
                return this.origins;
            }

            public void setOrigins(List<String> origins) {
                this.origins = origins;
            }
        }
    }
config/WebConfig.java
    package com.service.config;

    import java.util.Arrays;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.context.annotation.PropertySource;
    import org.springframework.context.annotation.ComponentScan;
    import org.springframework.core.env.Environment;
    import org.springframework.web.servlet.config.annotation.CorsRegistry;
    import org.springframework.web.servlet.config.annotation.EnableWebMvc;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

    @Configuration
    @EnableWebMvc
    @ComponentScan(basePackages = "com.service.controller")
    @PropertySource("classpath:application.yaml")
    public class WebConfig extends WebMvcConfigurerAdapter {

        @Autowired
        private Environment environment;

        @Autowired
        private Config config;

        @Override
        public void addCorsMappings(CorsRegistry registry) {
            System.out.println("configuring cors");
            String[] origins = config.getCors().getOrigins().toArray(String[]::new);
            System.out.println(" - origins " + Arrays.toString(origins));
            registry.addMapping("/**")
                    .allowedOrigins(origins);
        }
    }
In Spring Boot there is an annotation, @CrossOrigin, which will simply add the header to the response.
1. For multiple:
    @CrossOrigin(origins = {"http://localhost:7777", "http://someserver:8080"})
    @RequestMapping(value = "/abc", method = RequestMethod.GET)
    @ResponseBody
    public Object doSomething() {
        ...
    }
2. If you wanna allow for everyone, then simply use:
@CrossOrigin
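How the origin settings discussed in the answers above resolve at request time, as an added example that is not code from the original posts or from Spring itself. It calls `CorsConfiguration.checkOrigin` directly, the class that `CorsRegistration.allowedOrigins(...)` hands its list to, and covers repeated calls, a single list, a partial wildcard and the permit defaults that a bare `@CrossOrigin` resolves to. It assumes spring-web 5.3 or later (for `setAllowedOriginPatterns`) and Java 9+; the request origins are constructed.

```java
import java.util.List;
import org.springframework.web.cors.CorsConfiguration;

// Added example; needs spring-web 5.3+ on the classpath. Request origins are constructed.
public class CorsOriginMatchingDemo {

    // checkOrigin returns null when no Access-Control-Allow-Origin would be sent.
    static void expect(boolean expected, CorsConfiguration config, String origin) {
        boolean allowed = config.checkOrigin(origin) != null;
        if (allowed != expected) {
            throw new AssertionError(origin + ": expected allowed=" + expected);
        }
        System.out.println((allowed ? "allowed   " : "rejected  ") + origin);
    }

    public static void main(String[] args) {
        // Separate calls: each one replaces the previous list.
        CorsConfiguration chained = new CorsConfiguration();
        chained.setAllowedOrigins(List.of("http://domain1.com"));
        chained.setAllowedOrigins(List.of("http://domain2.com"));
        chained.setAllowedOrigins(List.of("http://domain3.com"));
        expect(false, chained, "http://domain1.com");
        expect(true, chained, "http://domain3.com");

        // One call listing every origin: exact, case-insensitive comparison.
        CorsConfiguration listed = new CorsConfiguration();
        listed.setAllowedOrigins(
                List.of("http://domain1.com", "http://domain2.com", "http://domain3.com"));
        expect(true, listed, "http://domain1.com");
        expect(false, listed, "http://domain1.com.other.example");

        // A partial wildcard in allowedOrigins is compared as a literal string.
        CorsConfiguration literal = new CorsConfiguration();
        literal.setAllowedOrigins(List.of("*.someurl.com"));
        expect(false, literal, "https://app.someurl.com");

        // Subdomain wildcards go in allowedOriginPatterns, scheme included.
        CorsConfiguration patterns = new CorsConfiguration();
        patterns.setAllowedOriginPatterns(List.of("https://*.someurl.com"));
        expect(true, patterns, "https://app.someurl.com");
        expect(false, patterns, "https://someurl.com.other.example");

        // Permit defaults, applied when no origins are configured, admit any origin.
        CorsConfiguration defaults = new CorsConfiguration().applyPermitDefaultValues();
        expect(true, defaults, "https://anything.example");
    }
}
```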