spring-framework / org.springframework.web.filter / CorsFilter


open class CorsFilter : OncePerRequestFilter

javax.servlet.Filter that handles CORS preflight requests and intercepts CORS simple and actual requests thanks to a CorsProcessor implementation (DefaultCorsProcessor by default) in order to add the relevant CORS response headers (like Access-Control-Allow-Origin) using the provided CorsConfigurationSource (for example an UrlBasedCorsConfigurationSource instance.

This is an alternative to Spring MVC Java config and XML namespace CORS configuration, useful for applications depending only on spring-web (not on spring-webmvc) or for security constraints requiring CORS checks to be performed at javax.servlet.Filter level.

This filter could be used in conjunction with DelegatingFilterProxy in order to help with its initialization.

Sebastien Deleuze


See Also
<a href="http://www.w3.org/TR/cors/">CORS W3C recommendation</a>



CorsFilter(configSource: CorsConfigurationSource)

Constructor accepting a CorsConfigurationSource used by the filter to find the CorsConfiguration to use for each incoming request.



open fun setCorsProcessor(processor: CorsProcessor): Unit

Configure a custom CorsProcessor to use to apply the matched CorsConfiguration for a request.

By default DefaultCorsProcessor is used.