Category: java
What is CORS:
Published on 05 Apr 2026
Explanation
What is CORS: Cross-Origin Resource Sharing (CORS) allows a frontend application (like React running on localhost:3000) to access backend APIs (like Spring Boot running on localhost:8080).
Code:
// Example scenario
// Frontend: http://localhost:3000
// Backend: http://localhost:8080
// Without CORS configuration, the browser blocks the request
Explanation
Enable CORS at Controller Level: Use the @CrossOrigin annotation directly on a controller class to allow requests from a specific origin.
Code:
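import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api")
// Applies to every handler method in this controller
@CrossOrigin(origins = "http://localhost:3000")
public class UserController {
    @GetMapping("/users")
    public String getUsers() {
        return "Users List";
    }
}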
Explanation
Enable CORS for a Specific API Method: Apply the @CrossOrigin annotation on a particular endpoint instead of the whole controller.
Code:
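import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api")
public class UserController {
    // Only this endpoint accepts cross-origin requests
    @CrossOrigin(origins = "http://localhost:3000")
    @GetMapping("/users")
    public String getUsers() {
        return "Users List";
    }
}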
Explanation
Global CORS Configuration Using WebMvcConfigurer: Configure CORS for all controllers in one place.
Code:
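import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfig implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // One policy for every path served by Spring MVC
        registry.addMapping("/**")
                .allowedOrigins("http://localhost:3000")
                .allowedMethods("GET", "POST", "PUT", "DELETE")
                .allowedHeaders("*");
    }
}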
Explanation
Allow Multiple Origins: Configure multiple frontend applications to access backend APIs.
Code:
// Inside addCorsMappings(CorsRegistry registry)
registry.addMapping("/**")
        .allowedOrigins("http://localhost:3000", "http://localhost:5173")
        .allowedMethods("GET", "POST", "PUT", "DELETE");
Explanation
Enable CORS with Credentials Support: Required when sending cookies or authorization tokens.
Code:
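// Inside addCorsMappings(CorsRegistry registry)
// An explicit origin is required here: Spring Framework 5.3+ rejects
// allowedOrigins("*") combined with allowCredentials(true).
registry.addMapping("/**")
        .allowedOrigins("http://localhost:3000")
        .allowedMethods("*")
        .allowCredentials(true);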
Explanation
CORS Configuration with Spring Security: Required if Spring Security is enabled in the application.
Code:
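// Goes inside a @Configuration class.
// Customizer is org.springframework.security.config.Customizer.
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
        // Apply the application's CORS configuration inside the security filter chain
        .cors(Customizer.withDefaults())
        .csrf(csrf -> csrf.disable())
        .authorizeHttpRequests(auth -> auth
            .anyRequest().permitAll()
        );
    return http.build();
}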
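Added example (not code from the original page): the multiple-origin, credentials and Spring Security sections above combined into one configuration, with the CORS policy supplied to Spring Security as a CorsConfigurationSource bean. The class name ApiCorsSecurityConfig, the allowed header names, the 30-minute max age and the /api/** scope are assumptions chosen for illustration.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

// Hypothetical class name; added example, not from the original page.
@Configuration
public class ApiCorsSecurityConfig {

    // Spring Security's cors() support uses a bean named corsConfigurationSource when one is defined.
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // Exact origins only: scheme, host and port must all match the Origin header.
        config.setAllowedOrigins(List.of("http://localhost:3000", "http://localhost:5173"));
        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
        // Name the request headers the frontend sends instead of allowing "*" (assumed set).
        config.setAllowedHeaders(List.of("Authorization", "Content-Type"));
        // Credentials need the explicit origin list above; Spring Framework 5.3+
        // rejects allowedOrigins("*") combined with allowCredentials(true).
        config.setAllowCredentials(true);
        // Let the browser cache a preflight result for 30 minutes (assumed value).
        config.setMaxAge(1800L);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // Scope the policy to the API paths; the page's controllers are mapped under /api.
        source.registerCorsConfiguration("/api/**", config);
        return source;
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // CORS is handled before authentication, so preflight OPTIONS requests,
            // which carry no cookies, get a CORS answer instead of being rejected.
            .cors(Customizer.withDefaults())
            // CSRF protection stays at its default (enabled) because cookies are accepted cross-origin.
            .authorizeHttpRequests(auth -> auth
                .anyRequest().permitAll());
        return http.build();
    }
}
```

With this policy, a preflight from an origin outside the list receives no Access-Control-Allow-Origin header, so the browser does not let that page read the response.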