Spring 4.2's native Global CORS support won't work with CAS filterProcessesUrl

a 夏天 提交于 2019-12-04 12:06:21

CORS native support is done by default at Spring MVC HandlerMapping level, so it is expected that your CAS filter will not be CORS enabled, since it handles request earlier.

One option to consider is using the org.springframework.web.filter.CorsFilter we also provide with Spring Framework 4.2 with the AddFilterBefore approach.

Be aware that CorsConfiguration has not the same default configuration than @CrossOrigin or CorsRegistry, so you need to define most of the properties yourself, for example:

UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true); // you USUALLY want this
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("GET");
    config.addAllowedMethod("PUT");
    source.registerCorsConfiguration("/**", config);
    CorsFilter filter = new CorsFilter(source);
    // ...
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!