Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: 3.1.1
    • Fix Version/s: 4.2 RC1
    • Component/s: Web
    • Labels:
    • Last commented by a User:
      true

      Description

      Cross origin resource sharing (CORS) is a relevant spec these days with the emergence of HTML5 & JS clients that consume data via REST APIs. For a given app, in many cases the host that serves the JS (e.g. foo.com) is different than the host that serves the data (e.g. api.foo.com). In this case, CORS can enable the cross-domain communication.

      It would be useful if Spring MVC provided code & guidance on how to configure CORS when implementing a Java-backed REST API consumed by JS clients located in other domains. Prior work exists that would be a candidate for integration.

      See the resources below:
      CORS Spec: http://www.w3.org/TR/cors/
      Basic example of a CorsFilter implementation: https://gist.github.com/2232095
      What appears to be a full-featured CorsFilter implementation: https://bitbucket.org/jsumners/corsfilter

        Issue Links

          Activity

          Hide
          sdeleuze Sébastien Deleuze added a comment -

          Since we use @CrossOrigin to annotate CORS enabled handler methods, I chose for the moment CrossOriginConfigurer, CrossOriginRegistration and configureCrossOrigin for global configuration API. More low level CORS stuff are still using Cors prefix as you noticed.

          But this is something that we may revisit, based on feedbacks and discussion in Spring Framework team.
          So thanks for your feedback, I will keep your informed.

          Show
          sdeleuze Sébastien Deleuze added a comment - Since we use @CrossOrigin to annotate CORS enabled handler methods, I chose for the moment CrossOriginConfigurer , CrossOriginRegistration and configureCrossOrigin for global configuration API. More low level CORS stuff are still using Cors prefix as you noticed. But this is something that we may revisit, based on feedbacks and discussion in Spring Framework team. So thanks for your feedback, I will keep your informed.
          Hide
          sdeleuze Sébastien Deleuze added a comment -

          I have renamed CrossOriginConfigurer to CorsConfigurer, CrossOriginRegistration to CorsRegistration and configureCrossOrigin to configureCors.

          Show
          sdeleuze Sébastien Deleuze added a comment - I have renamed CrossOriginConfigurer to CorsConfigurer , CrossOriginRegistration to CorsRegistration and configureCrossOrigin to configureCors .
          Hide
          wuethrich Fabian Wüthrich added a comment -

          This new feature is great and I want to implement this in my Spring Boot / AngularJS application. All request works fine but I can't logout my user because the OPTIONS-Request to /logout is handled by Spring Security. Should I open an issue in Spring Security project or is it possible to attach CORS-Headers in LogoutSuccessHandler?

          Show
          wuethrich Fabian Wüthrich added a comment - This new feature is great and I want to implement this in my Spring Boot / AngularJS application. All request works fine but I can't logout my user because the OPTIONS-Request to /logout is handled by Spring Security. Should I open an issue in Spring Security project or is it possible to attach CORS-Headers in LogoutSuccessHandler?
          Hide
          sdeleuze Sébastien Deleuze added a comment -

          Fabian Wüthrich Could you please create a StackOverflow question for that and add a comment here with the link? I will answer you on SO.

          Show
          sdeleuze Sébastien Deleuze added a comment - Fabian Wüthrich Could you please create a StackOverflow question for that and add a comment here with the link? I will answer you on SO.
          Hide
          wuethrich Fabian Wüthrich added a comment -
          Show
          wuethrich Fabian Wüthrich added a comment - Thank for the fast reply. The question ist here http://stackoverflow.com/questions/34154711/spring-security-logout-doesnt-work-with-spring-4-cors

            People

            • Assignee:
              sdeleuze Sébastien Deleuze
              Reporter:
              kdonald Keith Donald
              Last updater:
              Fabian Wüthrich
            • Votes:
              26 Vote for this issue
              Watchers:
              34 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 41 weeks, 1 day ago