I want to allow cross-origin requests for one domain. My project uses Spring, so I want to use the new CORS support.
I am using version 4.2.0 for all springframework dependencies.
I followed the example here https://spring.io/blog/2015/06/08/cors-support-in-spring-framework#disqus_thread and tried the first version. My controller annotations look like this:
    @CrossOrigin(origins = "http://fiddle.jshell.net/", maxAge = 3600)
    @Controller
    @RequestMapping("/rest")
    public class MyController
If I understood correctly, mvc-config is an alternative method. I also tried:
    <mvc:cors>
        <mvc:mapping path="/**"
            allowed-origins="http://fiddle.jshell.net/, http://domain2.com"
            allowed-methods="GET, PUT"
            allowed-headers="header1, header2, header3"
            exposed-headers="header1, header2"
            allow-credentials="false"
            max-age="123" />
    </mvc:cors>
In both methods, the response does not seem to contain anything like Access-Control-Allow-Origin, and I cannot get the result back through a simple request from jsfiddle.
The header information from the Chrome developer tools on startup and access from localhost is given below. In this case, the request is executed from one domain, not through JavaScript, but I thought the CORS annotation would add access control parameters anyway?
Response headers:

    Content-Length:174869
    Content-Type:text/html;charset=UTF-8
    Date:Fri, 21 Aug 2015 12:21:09 GMT
    Server:Apache-Coyote/1.1

Request headers:

    Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Encoding:gzip, deflate, sdch
    Accept-Language:en-US,en;q=0.8,ro;q=0.6,de;q=0.4,fr;q=0.2
    Cache-Control:no-cache
    Connection:keep-alive
    Cookie:JSESSIONID=831EBC138D2B7E176DF4945ADA05CAC1;_ga=GA1.1.1046500342.1404228238; undefined=0
    Host:localhost:8080
    Pragma:no-cache
    Upgrade-Insecure-Requests:1
    User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
I do not use Spring Boot, and I suppose I skipped the configuration step.
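
For reference alongside the question above, an added example (not part of the original post and not Spring's own code): a simplified model of the server-side CORS origin check. It shows that no Access-Control-Allow-Origin header is produced for a request without an Origin header, and that an exact comparison does not match an allow-list entry written with a trailing slash, because browsers send the origin as scheme://host[:port]. The class and method names are hypothetical, and the exact, case-insensitive comparison is an assumption of this model; a framework may normalize origins differently.

```java
import java.util.*;

// Simplified model of a server-side CORS origin check (assumption: exact match).
public class CorsOriginCheck {

    // Returns the CORS response headers for a request, or an empty map if none apply.
    static Map<String, String> corsHeaders(Map<String, String> request,
            List<String> allowedOrigins, boolean allowCredentials) {
        Map<String, String> out = new LinkedHashMap<>();
        String origin = request.get("Origin");
        if (origin == null) {
            return out; // no Origin header: not a CORS request, nothing is added
        }
        for (String allowed : allowedOrigins) {
            // Compare against the serialized origin: scheme://host[:port], no path.
            if (allowed.trim().equalsIgnoreCase(origin)) {
                out.put("Access-Control-Allow-Origin", origin);
                out.put("Vary", "Origin"); // response depends on the request origin
                if (allowCredentials) {
                    out.put("Access-Control-Allow-Credentials", "true");
                }
                return out;
            }
        }
        return out; // origin is not on the allow list
    }

    public static void main(String[] args) {
        // Constructed sample requests; the allow-list value is the one from the question.
        List<String> withSlash = Arrays.asList("http://fiddle.jshell.net/");
        List<String> noSlash = Arrays.asList("http://fiddle.jshell.net");

        Map<String, String> navigation = new HashMap<>(); // address-bar load, no Origin
        navigation.put("Host", "localhost:8080");

        Map<String, String> xhr = new HashMap<>(navigation); // cross-origin XHR
        xhr.put("Origin", "http://fiddle.jshell.net");

        System.out.println("navigation, no Origin  : " + corsHeaders(navigation, noSlash, false));
        System.out.println("XHR, entry with slash  : " + corsHeaders(xhr, withSlash, false));
        System.out.println("XHR, entry without it  : " + corsHeaders(xhr, noSlash, false));
    }
}
```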