Commit 64628dc

Add CorsFilter documentation
1 parent 52387ca commit 64628dc

1 file changed

+39
-1
lines changed

src/asciidoc/web-cors.adoc

Lines changed: 39 additions & 1 deletion
@@ -203,4 +203,42 @@ It can be provided in various ways:
203203
* Handlers can implement the {api-spring-framework}/web/cors/CorsConfigurationSource.html[`CorsConfigurationSource`]
204204
interface (like https://github.com/spring-projects/spring-framework/blob/master/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java[`ResourceHttpRequestHandler`]
205205
now does) in order to provide a {api-spring-framework}/web/cors/CorsConfiguration.html[CorsConfiguration]
206-
instance for each request.
206+
instance for each request.
207+
208+
== Filter based CORS support
209+
210+
In order to support CORS with filter-based security frameworks like
211+
http://projects.spring.io/spring-security/[Spring Security], or
212+
with other libraries that do not support natively CORS, Spring Framework also
213+
provides a http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/filter/CorsFilter.html[`CorsFilter`].
214+
Instead of using `@CrossOrigin` or `WebMvcConfigurer#addCorsMappings(CorsRegistry)`, you
215+
need to register a custom filter defined like bellow:
216+
217+
[source,java,indent=0]
218+
----
219+
import org.springframework.web.cors.CorsConfiguration;
220+
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
221+
import org.springframework.web.filter.CorsFilter;
222+
223+
public class MyCorsFilter extends CorsFilter {
224+
225+
public MyCorsFilter() {
226+
super(configurationSource());
227+
}
228+
229+
private static UrlBasedCorsConfigurationSource configurationSource() {
230+
CorsConfiguration config = new CorsConfiguration();
231+
config.setAllowCredentials(true);
232+
config.addAllowedOrigin("http://domain1.com");
233+
config.addAllowedHeader("*");
234+
config.addAllowedMethod("*");
235+
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
236+
source.registerCorsConfiguration("/**", config);
237+
return source;
238+
}
239+
}
240+
----
241+
242+
You need to ensure that `CorsFilter` is ordered before the other filters, see
243+
https://spring.io/blog/2015/06/08/cors-support-in-spring-framework#filter-based-cors-support[this blog post]
244+
about how to configure Spring Boot accordingly.
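
Review bot: The sample at new lines 231-236 combines `config.setAllowCredentials(true)` with `config.addAllowedHeader("*")` and `config.addAllowedMethod("*")`, registered for `/**`, and the single allowed origin is plain `http://domain1.com`. Documentation snippets get copied verbatim, so I would list only the methods and headers a typical application needs, or add a sentence after the listing saying that credentialed access with wildcard headers and methods on every path is the widest setting and should be narrowed, and that an `https` origin is preferable when credentials are allowed. Two smaller points: the closing paragraph at new lines 242-244 says `CorsFilter` must be ordered before the other filters but gives no reason and no inline instruction, only a link to the blog post; one sentence stating why the ordering matters would let the section stand on its own. Style: new line 213 hard-codes `http://docs.spring.io/spring/docs/current/javadoc-api/...` while the context lines 203 and 205 use the `{api-spring-framework}` attribute, so the `CorsFilter` link should use the attribute too. Wording: "do not support natively CORS" at new line 212 should read "do not natively support CORS", and "like bellow" at new line 215 should be "like below".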
