Cross-Origin Resource Sharing
CORS is a mechanism that allows client web applications (such as JavaScript code) loaded on one domain to interact with resources located on a different domain.
Origin: An "Origin" (or source) URL consists of three parts:
- Protocol (scheme): Such as http or https.
- Domain (host): Such as a143mk.blogspot.com or localhost.
- Port (port number): Such as 8080 or 3000.
If any of these three parts are different in a request, it is called a Cross-Origin request.
Example:
If your frontend (endpoints.com) sends a request to a backend API (api.com), the request is Cross-Origin and the browser's same-origin policy restricts it by default. CORS is a way to relax this security restriction in a controlled manner, allowing legitimate cross-origin communication.
Configuring CORS globally in Spring Boot is the preferred approach, as it saves you from having to apply the @CrossOrigin annotation to every controller or method and keeps the configuration centralized.
Example: This method defines global CORS settings:
- addMapping("/**"): This indicates that the CORS mapping will apply to all paths.
- allowedOrigins: Defines the client origins that are allowed to access your API.
- allowedMethods: The HTTP methods that are allowed.
- allowedHeaders: The request headers the client is allowed to send; the value "*" allows all headers sent by the client.
- allowCredentials: Set this to 'true' if the client is using cookies or HTTP authentication.
- maxAge: The time (in seconds) to cache the results of a pre-flight request.
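The settings listed above, written out as a Spring MVC configuration class. This is an added example, not code from the original post; the class name CorsConfig, the origin https://endpoints.com (the frontend from the earlier example, assumed to be served over https), the method list and the one-hour maxAge are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Hypothetical class name; any @Configuration class implementing
// WebMvcConfigurer is picked up by Spring Boot's MVC auto-configuration.
@Configuration
public class CorsConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")                    // apply to every path
                // List each trusted frontend origin explicitly (assumed value).
                // Scheme, host and port must all match what the browser sends
                // in the Origin header.
                .allowedOrigins("https://endpoints.com")
                // Only the methods the API actually serves (assumed list).
                .allowedMethods("GET", "POST", "PUT", "DELETE")
                // "*" accepts any request header named in the pre-flight.
                .allowedHeaders("*")
                // Allow cookies / HTTP authentication on cross-origin calls.
                // Spring Framework 5.3+ rejects this setting combined with
                // allowedOrigins("*"), because browsers do not accept a
                // wildcard origin on credentialed responses.
                .allowCredentials(true)
                // Cache the pre-flight result for one hour (in seconds).
                .maxAge(3600);
    }
}
```

To check the result, send an OPTIONS pre-flight with an `Origin` header from an origin that is not listed and confirm the response carries no `Access-Control-Allow-Origin` header.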