root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Polish CORS documentation

This commit is contained in:
sdeleuze 2017-11-15 16:16:13 +01:00
parent 38040bf3f2
commit 9dd29f76ae
2 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
spring-webflux/src/main/java/org/springframework/web/reactive/handler/AbstractHandlerMapping.java
View File

@ -151,8 +151,7 @@ public abstract class AbstractHandlerMapping extends ApplicationObjectSupport im
* <p>On CORS pre-flight requests this method should return a match not for * <p>On CORS pre-flight requests this method should return a match not for
* the pre-flight request but for the expected actual request based on the URL * the pre-flight request but for the expected actual request based on the URL
* path, the HTTP methods from the "Access-Control-Request-Method" header, and * path, the HTTP methods from the "Access-Control-Request-Method" header, and
* the headers from the "Access-Control-Request-Headers" header thus allowing * the headers from the "Access-Control-Request-Headers" header.
* the CORS configuration to be obtained via {@link #getCorsConfigurations},
* @param exchange current exchange * @param exchange current exchange
* @return {@code Mono} for the matching handler, if any * @return {@code Mono} for the matching handler, if any
*/ */

34
src/docs/asciidoc/web/webmvc-cors.adoc
View File

@ -38,7 +38,7 @@ Since CORS requests are automatically dispatched, you *do not need* to change th
[[mvc-cors-controller]] [[mvc-cors-controller]]
== @Controller CORS == @CrossOrigin
You can add an You can add an
{api-spring-framework}/web/bind/annotation/CrossOrigin.html[`@CrossOrigin`] {api-spring-framework}/web/bind/annotation/CrossOrigin.html[`@CrossOrigin`]
@ -54,12 +54,12 @@ it. By default `@CrossOrigin` allows all origins and the HTTP methods specified
public class AccountController { public class AccountController {
@CrossOrigin @CrossOrigin
@RequestMapping("/{id}") @GetMapping("/{id}")
public Account retrieve(@PathVariable Long id) { public Account retrieve(@PathVariable Long id) {
// ... // ...
} }
@RequestMapping(method = RequestMethod.DELETE, path = "/{id}") @DeleteMapping("/{id}")
public void remove(@PathVariable Long id) { public void remove(@PathVariable Long id) {
// ... // ...
} }
@ -76,12 +76,12 @@ It is also possible to enable CORS for the whole controller:
@RequestMapping("/account") @RequestMapping("/account")
public class AccountController { public class AccountController {
@RequestMapping("/{id}") @GetMapping("/{id}")
public Account retrieve(@PathVariable Long id) { public Account retrieve(@PathVariable Long id) {
// ... // ...
} }
@RequestMapping(method = RequestMethod.DELETE, path = "/{id}") @DeleteMapping("/{id}")
public void remove(@PathVariable Long id) { public void remove(@PathVariable Long id) {
// ... // ...
} }
@ -216,7 +216,7 @@ It is also possible to declare several CORS mappings with customized properties:
allows you to specify how the CORS requests should be processed: allowed origins, headers, methods, etc. allows you to specify how the CORS requests should be processed: allowed origins, headers, methods, etc.
It can be provided in various ways: It can be provided in various ways:
* {api-spring-framework}/web/servlet/handler/AbstractHandlerMapping.html#setCorsConfiguration-java.util.Map-[`AbstractHandlerMapping#setCorsConfiguration()`] * {api-spring-framework}/web/servlet/handler/AbstractHandlerMapping.html#setCorsConfigurations-java.util.Map-[`AbstractHandlerMapping#setCorsConfigurations()`]
allows to specify a `Map` with several {api-spring-framework}/web/cors/CorsConfiguration.html[CorsConfiguration] allows to specify a `Map` with several {api-spring-framework}/web/cors/CorsConfiguration.html[CorsConfiguration]
instances mapped to path patterns like `/api/**`. instances mapped to path patterns like `/api/**`.
* Subclasses can provide their own `CorsConfiguration` by overriding the * Subclasses can provide their own `CorsConfiguration` by overriding the
@ -232,10 +232,17 @@ It can be provided in various ways:
[[mvc-cors-filter]] [[mvc-cors-filter]]
== CORS Filter == CORS Filter
You can apply CORS checks through the built-in You can apply CORS support through the built-in
http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/filter/CorsFilter.html[`CorsFilter`] {api-spring-framework}/web/filter/CorsFilter.html[`CorsFilter`].
which can be used with http://projects.spring.io/spring-security/[Spring Security] and
ordered ahead of its chain of filters. To configure the filter pass a [NOTE]
====
Spring Security now provides
https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#cors[builtin support for CORS]
so you don't need to use a `CorsFilter`.
====
To configure the filter pass a
`CorsConfigurationSource` to its constructor: `CorsConfigurationSource` to its constructor:
[source,java,indent=0] [source,java,indent=0]
@ -252,6 +259,13 @@ source.registerCorsConfiguration("/**", config);
CorsFilter filter = new CorsFilter(source); CorsFilter filter = new CorsFilter(source);
---- ----
You can also easily permit all cross-origin requests for GET, HEAD, and POST requests by writing
[source,java,indent=0]
----
CorsFilter filter = new CorsFilter(exchange -> new CorsConfiguration().applyPermitDefaultValues());
----
Also the information on Also the information on
https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#cors[CORS] https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#cors[CORS]
in the Spring Security reference. in the Spring Security reference.