Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
io.github.iruzhnikov:spring-cors-properties
Advanced tools
Adds support CORS configurations from properties file
This library enables the CORS configuration in application property files such as application.properties / application.yml / cors.yml In general. no coding is required to configure CORS for different environments of your application. All you need to do is
To enable the feature, please add the dependency to your project (navigate to this links):
group: io.github.iruzhnikov
name: spring-webmvc-cors-properties-autoconfigure
group: io.github.iruzhnikov
name: spring-webflux-cors-properties-autoconfigure
Add this property to application.properties
file for adding reading configuration from different file
application.properties
file content:
spring.config.import: optional:classpath:cors.yml
Configure the CORS rules in cors.yml
properties file
cors.yml
file content:
spring:
web:
cors:
enabled: true
mappings: #spring.web.cors.mappings.<any_name>.<property>: <value>
anyName: #just any name, just for grouping properties under the same path pattern (not used in internal logic)
paths: #ant style path pattern, ATTENTION! not ordered, /** pattern override all other pattern
- /path/to/api
- /path/to/api/**
#allowed-origins: "*"
allowed-methods: GET #Enable override all defaults! If disabled: a lot more from all the controller methods included from the path pattern matches
#allowed-headers: "*"
#exposed-headers: ('*' - not-supported)
#allow-credentials: true
allowed-origin-patterns: .*
#max-age: PT30M
The 'anyName' in configuration lets you configure the different groups, e.g. 'path /api' and 'path /api/admin' may have CORS configurations. To make the configurations different, please different sections, e.g. 'anyName: api' and 'anyName: apiAdmin'.
Actually, that's all you need to do basic configuration. The further configs are to let you make tiny configurations.
To specify details of CORS configuration you may use a separate file cors.yml (of course you may use default application.properties file).
more details aboutspring.config.import
in Spring
Don't use this library for CORS configuration forSpring Actuator
, because this library has self specific config (props name like of management.*)
more details in Spring
For application.yml files that contains several 'spring.profiles', please use property file annotation (one line) forspring.web.cors.enabled
, otherwise spring boot ignores the config line.
more details in stackoverflow
If you like to have the automatic discovery of the allowed-methods in your CORS configuration, please
remove @EnableWebMvc in your code.
if you extended corresponding class:
//for MVC import org.springframework.webmvc.servlet.config.annotation.WebMvcConfigurationSupport; //for FLUX import org.springframework.web.reactive.config.DelegatingWebFluxConfiguration;
please change extended class to next class or open it for learning how to it works
(I mean createRequestMappingHandlerMapping function)
//for MVC import io.github.iruzhnikov.webmvc.servlet.CorsPropWebMvcConfigurationSupport; //for FLUX import io.github.iruzhnikov.webflux.servlet.CorsPropWebFluxConfigurationSupport;
You must register property apply bean
//for MVC
import io.github.iruzhnikov.webmvc.servlet.SpringMvcCorsConfigurer;
//for FLUX
import io.github.iruzhnikov.webflux.servlet.SpringFluxCorsConfigurer;
and you should register autoconfiguration for allowed-methods (not required)
//for MVC
import io.github.iruzhnikov.webmvc.servlet.CorsEndpointHandlerMapping;
//for FLUX
import io.github.iruzhnikov.webflux.servlet.CorsEndpointHandlerMapping;
FAQs
Adds support CORS configurations from properties file
We found that io.github.iruzhnikov:spring-cors-properties demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.