Skip to content

SDA Commons Server CORS

javadoc

The CORS bundle adds a CORS filter to the servlet to allow cross-origin resource sharing for this service. By doing so, UIs from other origins are allowed to access the service.

Initialization

To include the CORS filter in an application, the bundle has to be added to the application:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
public class MyApplication extends Application<MyConfiguration> {

    public static void main(final String[] args) {
        new MyApplication().run(args);
    }

   @Override
   public void initialize(Bootstrap<MyConfiguration> bootstrap) {
      // ...
      bootstrap.addBundle(CorsBundle.builder().withCorsConfigProvider(MyConfiguration::getCors).build());
      // ...
   }

   @Override
   public void run(MyConfiguration configuration, Environment environment) {
      // ...
   }
}

Configuration

The CORS bundle requires an environment specific configuration in your YAML. Otherwise, no CORS headers will be added to the response and therefore cross-origin resource sharing will fail.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
cors:
  # List of origins that are allowed to use the service. "*" allows all origins
  allowedOrigins:
    - "*"
  # Alternative: If the origins should be restricted, you should add the pattern
  # allowedOrigins:
  #    - https://*.sdase.com
  #    - https://*test.sdase.com
  # To use configurable patterns per environment the Json in Yaml syntax may be used with an environment placeholder:
  # allowedOrigins: ${CORS_ALLOWED_ORIGINS:-["*"]}

Application specific allowed headers, exposed headers and HTTP methods can be configured in the builder.