Category : Interview Questions | Sub Category : Spring Boot Interview Questions | By Prasad Bonam Last updated: 2023-08-04 19:28:48 Viewed : 54
Enabling Cross-Origin Resource Sharing (CORS) in a Spring Boot application allows the application to handle requests from different origins (e.g., domains or ports) than the one the application is hosted on. This is a common requirement when building web applications that interact with APIs hosted on different domains. CORS is a security feature implemented by web browsers to prevent unauthorized cross-origin requests.
To enable CORS in a Spring Boot application, you can use the WebMvcConfigurer
interface and override the addCorsMappings
method to define the allowed origins, HTTP methods, headers, etc. Here is an example of how to enable CORS in a Spring Boot application:
CorsConfig
) that implements WebMvcConfigurer
:javapackage com.example.demo.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class CorsConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**") // Allow all endpoints to handle CORS
.allowedOrigins("http://localhost:3000") // Allow requests from this origin
.allowedMethods("GET", "POST", "PUT", "DELETE") // Allowed HTTP methods
.allowedHeaders("*"); // Allowed request headers
}
}
In this example, we are allowing CORS requests from http://localhost:3000
(replace this with your frontend applications origin) and allowing all endpoints in the application to handle CORS. You can customize the allowed origins, methods, headers, etc., as per your specific requirements.
javapackage com.example.demo.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable();
}
}
By disabling CSRF protection (not recommended for production applications), you allow your frontend application to perform CORS requests without having to include CSRF tokens.
These configurations will enable CORS in your Spring Boot application, allowing it to handle requests from the allowed origins. Remember to adjust the allowed origins and other settings based on your specific use case and security requirements.
Enabling Cross-Origin Resource Sharing (CORS) in a Spring Boot application allows you to handle requests from web browsers coming from different origins. By default, web browsers restrict cross-origin HTTP requests, but CORS allows you to specify which origins are allowed to access your Spring Boot API.
To enable CORS in a Spring Boot application, you can use the @CrossOrigin
annotation or configure it globally in your application using a WebMvcConfigurer
bean.
Here is how to enable CORS using both methods:
Using @CrossOrigin annotation:
You can apply the @CrossOrigin
annotation at the controller level or individual handler methods to allow cross-origin requests for specific endpoints.
Example - Applying @CrossOrigin at the controller level:
javaimport org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/api")
@CrossOrigin(origins = "http://localhost:3000")
public class MyController {
// Your controller methods here...
}
In this example, we allow requests from http://localhost:3000
to access the API defined in the MyController
.
Global Configuration using WebMvcConfigurer:
You can also configure CORS globally in your Spring Boot application using a WebMvcConfigurer
bean.
Example:
javaimport org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class CorsConfiguration implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/api/**")
.allowedOrigins("http://localhost:3000")
.allowedMethods("GET", "POST", "PUT", "DELETE")
.allowedHeaders("*")
.allowCredentials(true);
}
}
In this example, we have created a CorsConfiguration
class that implements WebMvcConfigurer
. We specify the allowed origins, methods, headers, and whether credentials (e.g., cookies) should be allowed.
Remember to replace http://localhost:3000
with the actual origin you want to allow in your application.
By enabling CORS, your Spring Boot application can handle cross-origin requests from specified origins without being blocked by web browsers. Its essential to configure CORS carefully, taking security considerations into account to avoid unintended access from unauthorized origins.