Uploaded image for project: 'Spring Framework'
  1. Spring Framework
  2. SPR-9278

CORS support

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: 3.1.1
    • Fix Version/s: 4.2 RC1
    • Component/s: Web
    • Labels:
    • Last commented by a User:
      true

      Description

      Cross origin resource sharing (CORS) is a relevant spec these days with the emergence of HTML5 & JS clients that consume data via REST APIs. For a given app, in many cases the host that serves the JS (e.g. foo.com) is different than the host that serves the data (e.g. api.foo.com). In this case, CORS can enable the cross-domain communication.

      It would be useful if Spring MVC provided code & guidance on how to configure CORS when implementing a Java-backed REST API consumed by JS clients located in other domains. Prior work exists that would be a candidate for integration.

      See the resources below:
      CORS Spec: http://www.w3.org/TR/cors/
      Basic example of a CorsFilter implementation: https://gist.github.com/2232095
      What appears to be a full-featured CorsFilter implementation: https://bitbucket.org/jsumners/corsfilter

        Attachments

          Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. SEC-2273 CORS Suport

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Task - A task that needs to be done. SPR-12316 Comprehensive strategy for securing Origins in web transports

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates to

          New Feature - A new feature of the product, which has yet to be developed. DATAREST-333 Handle OPTIONS request for CORS

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. SPR-11437 Undocumented auto CORS for websocket endpoint breaking existing CORS code

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Activity

              People

              Assignee:
              sdeleuze Sébastien Deleuze
              Reporter:
              kdonald Keith Donald
              Last updater:
              Spring Issues Spring Issues
              Votes:
              26 Vote for this issue
              Watchers:
              34 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                3 years, 24 weeks, 5 days ago