How do you enable cross-origin resource sharing (CORS) in a Spring Boot application?

Category: Interview Questions | Sub Category: Spring Boot Interview Questions | By Prasad Bonam | Last updated: 2023-08-04 13:58:48


Enabling Cross-Origin Resource Sharing (CORS) in a Spring Boot application allows the application to handle requests from origins (e.g., domains or ports) other than the one the application is hosted on. This is a common requirement when building web applications that interact with APIs hosted on different domains. CORS is enforced by web browsers: by default they restrict cross-origin requests made by scripts, and the CORS headers your server returns tell the browser which origins, methods, and headers it permits.

To enable CORS in a Spring Boot application, you can use the WebMvcConfigurer interface and override the addCorsMappings method to define the allowed origins, HTTP methods, headers, etc. Here is an example of how to enable CORS in a Spring Boot application:

  1. Create a configuration class (e.g., CorsConfig) that implements WebMvcConfigurer:
```java
package com.example.demo.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**") // Allow all endpoints to handle CORS
                .allowedOrigins("http://localhost:3000") // Allow requests from this origin
                .allowedMethods("GET", "POST", "PUT", "DELETE") // Allowed HTTP methods
                .allowedHeaders("*"); // Allowed request headers
    }
}
```

In this example, we are allowing CORS requests from http://localhost:3000 (replace this with your frontend application's origin) and allowing all endpoints in the application to handle CORS. You can customize the allowed origins, methods, headers, etc., as per your specific requirements.

  2. If you are using Spring Security, you may also need to configure CORS there. For example, you can configure CORS in your Security configuration class as follows:
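```java
package com.example.demo.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Note: WebSecurityConfigurerAdapter is deprecated since Spring Security 5.7
// and removed in 6.0; this class compiles only on earlier versions.
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // cors(): apply the application's CORS configuration in the security filter chain
        // csrf().disable(): turn off CSRF protection (not recommended for production)
        http.cors().and().csrf().disable();
    }
}
```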

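Here, http.cors() makes Spring Security apply the application's CORS settings, and csrf().disable() switches off CSRF protection (not recommended for production applications) so that your frontend application can send requests without including CSRF tokens. Disabling CSRF is a separate decision from enabling CORS: cross-origin requests also work with CSRF protection left on, provided the client sends the token.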
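The Spring Security step above, written in the component-based style (a `SecurityFilterChain` bean, available since Spring Security 5.4 and required from 6.0) with CSRF protection left at its default. This is an added example, not code from the original article; the class name `SecurityCorsConfig` and the explicit header list are assumptions chosen for illustration.

```java
package com.example.demo.config;

import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class SecurityCorsConfig { // hypothetical class name

    // Spring Security's cors() support picks up a bean named "corsConfigurationSource".
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // Explicit origin list: only the frontend from the article's example.
        config.setAllowedOrigins(List.of("http://localhost:3000"));
        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
        // Assumed header list; name the headers your client really sends instead of "*".
        config.setAllowedHeaders(List.of("Content-Type", "Authorization"));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Adds the CORS filter ahead of authentication, so preflight OPTIONS
        // requests (which carry no credentials) are answered by the CORS policy.
        http.cors(Customizer.withDefaults());
        // No csrf().disable(): CSRF protection stays enabled (the default).
        // Authorization rules are omitted here, as in the article's example.
        return http.build();
    }
}
```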

These configurations will enable CORS in your Spring Boot application, allowing it to handle requests from the allowed origins. Remember to adjust the allowed origins and other settings based on your specific use case and security requirements.


Enabling Cross-Origin Resource Sharing (CORS) in a Spring Boot application allows you to handle requests from web browsers coming from different origins. By default, web browsers restrict cross-origin HTTP requests, but CORS allows you to specify which origins are allowed to access your Spring Boot API.

To enable CORS in a Spring Boot application, you can use the @CrossOrigin annotation or configure it globally in your application using a WebMvcConfigurer bean.

Here is how to enable CORS using both methods:

  1. Using @CrossOrigin annotation: You can apply the @CrossOrigin annotation at the controller level or individual handler methods to allow cross-origin requests for specific endpoints.

    Example - Applying @CrossOrigin at the controller level:

    ```java
    import org.springframework.web.bind.annotation.CrossOrigin;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    @RequestMapping("/api")
    @CrossOrigin(origins = "http://localhost:3000")
    public class MyController {
        // Your controller methods here...
    }
    ```

    In this example, we allow requests from http://localhost:3000 to access the API defined in the MyController.

  2. Global Configuration using WebMvcConfigurer: You can also configure CORS globally in your Spring Boot application using a WebMvcConfigurer bean.

    Example:

    ```java
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.servlet.config.annotation.CorsRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

    @Configuration
    public class CorsConfiguration implements WebMvcConfigurer {

        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/api/**")
                    .allowedOrigins("http://localhost:3000")
                    .allowedMethods("GET", "POST", "PUT", "DELETE")
                    .allowedHeaders("*")
                    // Credentialed requests need explicit origins: Spring 5.3+ rejects
                    // allowCredentials(true) combined with allowedOrigins("*").
                    .allowCredentials(true);
        }
    }
    ```

    In this example, we have created a CorsConfiguration class that implements WebMvcConfigurer. We specify the allowed origins, methods, headers, and whether credentials (e.g., cookies) should be allowed.

Remember to replace http://localhost:3000 with the actual origin you want to allow in your application.

By enabling CORS, your Spring Boot application can handle cross-origin requests from specified origins without being blocked by web browsers. It's essential to configure CORS carefully, taking security considerations into account to avoid unintended access from unauthorized origins.
