io.github.iruzhnikov:spring-cors-properties

Description

This library enables the CORS configuration in application property files such as application.properties / application.yml / cors.yml In general. no coding is required to configure CORS for different environments of your application. All you need to do is

1. add the feature to your project changing maven / gradle / other build tool config
2. enable the feature in project property file
3. configure the CORS in the same or separate property file, that's up to you to decide

How to add the feature to Spring Boot

To enable the feature, please add the dependency to your project (navigate to this links):

group: io.github.iruzhnikov
name: spring-webmvc-cors-properties-autoconfigure

group: io.github.iruzhnikov
name: spring-webflux-cors-properties-autoconfigure

To enable the feature in Spring Boot project

Add this property to application.properties file for adding reading configuration from different file

application.properties file content:

spring.config.import: optional:classpath:cors.yml

Configure the CORS rules in cors.yml properties file

cors.yml file content:

spring:
  web:
    cors:
      enabled: true
      mappings: #spring.web.cors.mappings.<any_name>.<property>: <value>
        anyName: #just any name, just for grouping properties under the same path pattern (not used in internal logic)
          paths: #ant style path pattern, ATTENTION! not ordered, /** pattern override all other pattern
            - /path/to/api
            - /path/to/api/**
          #allowed-origins: "*"
          allowed-methods: GET #Enable override all defaults! If disabled: a lot more from all the controller methods included from the path pattern matches
          #allowed-headers: "*"
          #exposed-headers: ('*' - not-supported)
          #allow-credentials: true
          allowed-origin-patterns: .*
          #max-age: PT30M

The 'anyName' in configuration lets you configure the different groups, e.g. 'path /api' and 'path /api/admin' may have CORS configurations. To make the configurations different, please different sections, e.g. 'anyName: api' and 'anyName: apiAdmin'.

Actually, that's all you need to do basic configuration. The further configs are to let you make tiny configurations.

To specify details of CORS configuration you may use a separate file cors.yml (of course you may use default application.properties file).
more details about spring.config.import in Spring

Don't use this library for CORS configuration for Spring Actuator, because this library has self specific config (props name like of management.*)
more details in Spring

For application.yml files that contains several 'spring.profiles', please use property file annotation (one line) for spring.web.cors.enabled, otherwise spring boot ignores the config line.
more details in stackoverflow

Autoconfigure for allowed-methods (GET, POST etc.) by path patterns

If you like to have the automatic discovery of the allowed-methods in your CORS configuration, please
remove @EnableWebMvc in your code.

if you extended corresponding class:

//for MVC
import org.springframework.webmvc.servlet.config.annotation.WebMvcConfigurationSupport;
//for FLUX
import org.springframework.web.reactive.config.DelegatingWebFluxConfiguration;

please change extended class to next class or open it for learning how to it works
(I mean createRequestMappingHandlerMapping function)

//for MVC
import io.github.iruzhnikov.webmvc.servlet.CorsPropWebMvcConfigurationSupport;
//for FLUX
import io.github.iruzhnikov.webflux.servlet.CorsPropWebFluxConfigurationSupport;

To enable the feature in Spring Framework

You must register property apply bean

//for MVC
import io.github.iruzhnikov.webmvc.servlet.SpringMvcCorsConfigurer;
//for FLUX
import io.github.iruzhnikov.webflux.servlet.SpringFluxCorsConfigurer;

and you should register autoconfiguration for allowed-methods (not required)

//for MVC
import io.github.iruzhnikov.webmvc.servlet.CorsEndpointHandlerMapping;
//for FLUX
import io.github.iruzhnikov.webflux.servlet.CorsEndpointHandlerMapping;