root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Document Actuator's CORS support 

Closes gh-3010
This commit is contained in:
Stephane Nicoll 2015-10-27 11:41:30 +01:00
parent 17f61c1dad
commit fdf75d3ede
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
View File

@ -767,7 +767,7 @@ content into your application; rather pick only the properties that you need.
endpoints.liquibase.id=liquibase
endpoints.liquibase.sensitive=false
# ENDPOINTS CORS CONFIGURATION ({sc-spring-boot-actuator}/autoconfigure/MvcEndpointCorsProperties.{sc-ext}[MvcEndpointCorsProperties])
# ENDPOINTS CORS CONFIGURATION ({sc-spring-boot-actuator}/autoconfigure/EndpointCorsProperties.{sc-ext}[EndpointCorsProperties])
endpoints.cors.allow-credentials= # set whether user credentials are support. When not set, credentials are not supported.
endpoints.cors.allowed-origins= # comma-separated list of origins to allow. * allows all origins. When not set, CORS support is disabled.
endpoints.cors.allowed-methods= # comma-separated list of methods to allow. * allows all methods. When not set, defaults to GET.

20
spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
View File

@ -186,6 +186,26 @@ If the https://github.com/mikekelly/hal-browser[HAL Browser] is on the classpath
via its webjar (`org.webjars:hal-browser`), or via the `spring-data-rest-hal-browser` then
an HTML "`discovery page`", in the form of the HAL Browser, is also provided.
[[production-ready-endpoint-cors]]
=== CORS support
http://en.wikipedia.org/wiki/Cross-origin_resource_sharing[Cross-origin resource sharing]
(CORS) is a http://www.w3.org/TR/cors/[W3C specification] that allows you to specify in a
flexible way what kind of cross domain requests are authorized. Actuator's MVC endpoints
can be configured to support such scenario.
CORS support is disabled by default and is only enabled once the
`endpoints.cors.allowed-origins` property has been set. The configuration below permits
`GET` and `POST` calls from the `example.com` domain:
[source,properties,indent=0]
----
endpoints.cors.allowed-origins=http://example.com
endpoints.cors.allowed-methods=GET,POST
----
TIP: Check {sc-spring-boot-actuator}/autoconfigure/EndpointCorsProperties.{sc-ext}[EndpointCorsProperties]
for a complete list of options.
[[production-ready-customizing-endpoints-programmatically]]