score:3

Accepted answer

you can add it by overriding addcorsmappings of webmvcconfigureradapter, so either create a class that extends webmvcconfigureradapter or define a bean in your configuration class like this:

    @bean
    public webmvcconfigurer corsconfigurer () {
        return new webmvcconfigureradapter() {
            @override
            public void addcorsmappings(corsregistry registry) {
                registry.addmapping("/api/**")
                        .allowedorigins("http://domain1.com", "http://domain2.com")
                        .allowedmethods("get", "options")
                        .allowedheaders("header1", "header2", "header3")
                        .exposedheaders("header1", "header2")
                        .allowcredentials(false).maxage(3600);
            }
        }
    }

edit

as of 5.0 webmvcconfigureradapter is deprecated and hence you could acheive the same thing by implementing webmvcconfigurer interface (added default methods, thanks java 8 ! and can be implemented directly without the need for this adapter)

@configuration
@enablewebmvc
public class mywebmvcconfig implements webmvcconfigurer {

   @override
   public void addcorsmappings(corsregistry registry) {
            registry.addmapping("/api/**")
                    .allowedorigins("http://domain1.com", "http://domain2.com")
                    .allowedmethods("get", "options")
                    .allowedheaders("header1", "header2", "header3")
                    .exposedheaders("header1", "header2")
                    .allowcredentials(false).maxage(3600);
   }
 }

score:0

you can add a global configuration like

    @bean
    public webmvcconfigurer corsconfigurer() {
        return new webmvcconfigureradapter() {
            @override
            public void addcorsmappings(corsregistry registry) {
                registry.addmapping("/greeting-javaconfig").allowedorigins("http://localhost:9000");
            }
        };
    }

just use this to add a global corrs configuration that will affect all the endpoints.try this if the annotation doesn't work.

score:2

you can create separate cors configuration class as follows. this class will handle the cors configurations for all requests throughout your application and you need not annotate each controller separately with @crossorigin.

@configuration
public class corsconfig {

    @bean
    public corsfilter corsfilter() {
        urlbasedcorsconfigurationsource source = new urlbasedcorsconfigurationsource();
        corsconfiguration config = new corsconfiguration();
        config.setallowcredentials(true);
        config.addallowedorigin("*");         //'*' allows all endpoints, provide your url/endpoint, if any.
        config.addallowedheader("*");         
        config.addallowedmethod("post");   //add the methods you want to allow like 'get', 'put',etc. using similar statements.
        config.addallowedmethod("get");
        source.registercorsconfiguration("/**", config);
        return new corsfilter(source);
    }
}

Related Query

More Query from same tag