Enable Global CORS in Spring Boot

  • Last updated Apr 25, 2024

CORS stands for Cross-Origin Resource Sharing. It is an HTTP-header-based mechanism by which a server tells the browser which other origins are permitted to load its resources, relaxing the same-origin restriction that would otherwise block those requests.

In Spring Boot, you can configure CORS in several ways to control which origins may make cross-origin requests. The following are two different approaches:


Global CORS Configuration

To apply global CORS settings to all endpoints in your Spring Boot application, create a configuration class that implements WebMvcConfigurer. Inside that class, override the addCorsMappings method to configure the settings:

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class GlobalCorsConfiguration implements WebMvcConfigurer {
  @Override
  public void addCorsMappings(CorsRegistry registry) {
    registry.addMapping("/**")                       // every endpoint
        .allowedOrigins("*")                         // any origin
        .allowedMethods("GET", "POST", "PUT", "DELETE")
        .allowedHeaders("*");                        // any request header
  }
}

In this example, we have configured the application to grant access to all origins (*) for every endpoint. Additionally, we have authorized the usage of HTTP methods GET, POST, PUT, and DELETE, while permitting all headers in CORS requests.

You can customize the allowedOrigins, allowedMethods, and allowedHeaders to restrict access to specific origins or limit the allowed methods and headers.

Because the class is annotated with @Configuration, Spring Boot picks it up automatically and enables the global CORS settings for your application.
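
A restricted variant of the global configuration above, as an added example that is not part of the original article. It replaces GlobalCorsConfiguration rather than sitting beside it; the class name, the /api/** path, the header names and the app.cors.allowed-origins property are assumptions chosen for illustration.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class RestrictedCorsConfiguration implements WebMvcConfigurer {

  // Hypothetical property, e.g. in application.properties:
  //   app.cors.allowed-origins=https://app.example.com,https://admin.example.com
  // Each entry is compared exactly: scheme, host and port must all match.
  @Value("${app.cors.allowed-origins}")
  private String[] allowedOrigins;

  @Override
  public void addCorsMappings(CorsRegistry registry) {
    registry.addMapping("/api/**")                 // only the API paths, not "/**"
        .allowedOrigins(allowedOrigins)            // explicit list instead of "*"
        .allowedMethods("GET", "POST", "PUT", "DELETE")
        .allowedHeaders("Content-Type", "Authorization")
        // Allow cookies / HTTP auth on cross-origin calls. Spring (5.3+)
        // rejects allowCredentials(true) combined with allowedOrigins("*"),
        // so credentials require an explicit origin list like this one.
        .allowCredentials(true)
        .maxAge(3600);                             // browser may cache the preflight for 1 hour
  }
}
```

With this configuration, a request from an origin that is not in the list gets no Access-Control-Allow-Origin header, so the browser refuses to expose the response to the calling page.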


Enabling CORS at the Method Level

You can enable CORS for specific controller methods in Spring Boot by using the @CrossOrigin annotation at the method level. This allows you to customize CORS settings for individual controller methods instead of applying them globally to the entire controller class.

Here's how to enable CORS in specific controller methods:

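import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

// Data is the application's own request/response type (not shown here).
@RestController
@RequestMapping("/api")
public class MyController {

    // Note: "*" matches every origin, so the explicit origin listed beside it has no effect.
    @CrossOrigin(origins = {"http://example.com", "*"}, allowedHeaders = "*",
      methods = {RequestMethod.GET, RequestMethod.POST, RequestMethod.PUT, RequestMethod.DELETE})
    @GetMapping("/data")
    public ResponseEntity<Data> getData() {
        // Method logic here
        return ResponseEntity.ok().build();
    }

    // As above, the "*" entry makes this mapping accept any origin.
    @CrossOrigin(origins = {"http://localhost:8080", "*"}, allowedHeaders = "*",
      methods = {RequestMethod.GET, RequestMethod.POST, RequestMethod.PUT, RequestMethod.DELETE})
    @PostMapping("/save")
    public ResponseEntity<String> saveData(@RequestBody Data data) {
        // Method logic here
        return ResponseEntity.ok("saved");
    }

    // Other controller methods and logic...
}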

By using @CrossOrigin at the method level, you can fine-tune the CORS settings for each specific controller method. This allows you to control access to the API endpoints on a per-method basis, providing flexibility and security as needed for your application.