How to disable CORS restrictions in Spring Boot App

I deployed Spring Boot app as backend and Angular app as frontend to heroku and faced CORS restrictions.

I tried to get rid from CORS restriction within UI tuning server.js, but didn’t succeeded. Finally I came across solution which suggested to add Filter to Spring Boot server which will intercep HTTP queries and add CORS-allowing headers to response.

This is my filter implementation.

import org.springframework.stereotype.Component;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Cors filter allowing cross-domain requests
 * Needed for Heroku deployment
 *
 * @author valeryyakovlev
 */
@Component
public class CorsFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Content-Length, X-Requested-With");
        chain.doFilter(req, res);
    }
}

In the initial version of this filter, there was short version of Access-Control-Allow-Headers list: there was only “X-Requested-With”. My interactions didn’t work because “Content-Type” header was missing. So I extended list of …Allow-Headers with this:

response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Content-Length, X-Requested-With");