How to disable CORS restrictions in Spring Boot App
I deployed Spring Boot app as backend and Angular app as frontend to heroku and faced CORS restrictions.
I tried to get rid from CORS restriction within UI tuning server.js, but didn’t succeeded. Finally I came across solution which suggested to add Filter to Spring Boot server which will intercep HTTP queries and add CORS-allowing headers to response.
This is my filter implementation.
import org.springframework.stereotype.Component;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* Cors filter allowing cross-domain requests
* Needed for Heroku deployment
*
* @author valeryyakovlev
*/
@Component
public class CorsFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Content-Length, X-Requested-With");
chain.doFilter(req, res);
}
}
In the initial version of this filter, there was short version of Access-Control-Allow-Headers list: there was only “X-Requested-With”. My interactions didn’t work because “Content-Type” header was missing. So I extended list of …Allow-Headers with this:
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Content-Length, X-Requested-With");