How to configure cors WebFilter based on active profile?-CodePudding

I am using Spring Reactive Web (created from https://start.spring.io/).

We have a deployed dev server, using dev profile, for frontend developers to integrate backend API. Therefore, globally for all requests, I need to add cors headers (e.g. Access-Control-Allow-Origin: *) and return 200 to prefight OPTIONS requests so that dev server allows API calls from localhost.

I want to configure this only on dev server, based on profile, while production server remains default cors configuation.

How can I configure cors through maybe WebFilter?

CodePudding user response：

One of the ways to achieve it is to register WebFilter bean for the corresponding profile only using @Profile annotation and then add corresponding header

@Component
@Profile("dev")
public class CorsHeaderWebFilter implements WebFilter {

    @Override
    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        if (HttpMethod.OPTIONS.equals(serverWebExchange.getRequest().getMethod())) {
            serverWebExchange.getResponse().getHeaders().add("Access-Control-Allow-Origin", "*");
        }

        return webFilterChain.filter(serverWebExchange);
    }
}

CodePudding user response：

There are several ways

If you dont use spring security create your own config and use the built in filter:

@Configuration
@Profile("dev")
public class CorsConfig {

    @Bean
    public CorsWebFilter corsWebFilter() {
        final CorsConfiguration corsConfig = new CorsConfiguration();
        corsConfig.setAllowedOrigins(Collections.singletonList("*"));
        corsConfig.setMaxAge( ... );
        corsConfig.addAllowedMethod( ... );

        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", corsConfig);

        return new CorsWebFilter(source);
    }
}

If using spring security and you want to allow a csrf token header for instance from local host:

@Configuration
@Profile("dev")
public class CorsConfig {

    @Bean
    public CorsConfigurationSource cors() {
        final CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000"));
        configuration.setAllowedMethods(Arrays.asList("GET","POST", "OPTIONS"));
        configuration.setAllowedHeaders(Arrays.asList("content-type", "x-xsrf-token"));
        configuration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}