Open JanVDL1975 opened 11 months ago
CORS, or Cross-Origin Resource Sharing, is a security feature implemented by web browsers to control which web pages are allowed to access resources on a different domain. If your Spring Boot application is serving resources that are being requested by a web page from a different domain, you might encounter CORS issues.
```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfig {

    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurer() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                // Apply the CORS policy to every path served by the application
                registry.addMapping("/**")
                        // Only this origin may read responses cross-origin
                        .allowedOrigins("http://your-allowed-origin.com")
                        .allowedMethods("GET", "POST", "PUT", "DELETE")
                        // Allow cookies and auth headers; requires an explicit origin, not "*"
                        .allowCredentials(true);
            }
        };
    }
}
```
`@Bean SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception`: add filters for security.
CSRF, or Cross-Site Request Forgery, is a type of attack where an attacker tricks a user's browser into making an unintended request. To protect against CSRF attacks in a Spring Boot application, you can use CSRF tokens.
Add Spring Security: configurations at endpoint level, possibly custom filters, CORS and CSRF.
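One way the `defaultSecurityFilterChain` bean could combine endpoint-level rules, CORS and CSRF, as an added example that is not code from this issue or the project. It assumes Spring Security 6.1+ (lambda DSL); the `/public/**` path and the use of HTTP Basic are hypothetical placeholders.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        http
            // Run CORS handling inside the security chain so preflight (OPTIONS)
            // requests are answered before authentication is required.
            .cors(Customizer.withDefaults())
            // CSRF protection is on by default; stated explicitly so it is not
            // disabled by accident. State-changing requests need a valid token.
            .csrf(Customizer.withDefaults())
            .authorizeHttpRequests(auth -> auth
                // Hypothetical public read-only endpoints
                .requestMatchers(HttpMethod.GET, "/public/**").permitAll()
                // Everything else requires an authenticated user
                .anyRequest().authenticated())
            // Placeholder authentication mechanism (assumption)
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    // Picked up by http.cors(...) above; same policy as the issue's CorsConfig.
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowedOrigins(List.of("http://your-allowed-origin.com"));
        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
        // The default CSRF header must be allowed or cross-origin writes fail preflight
        config.setAllowedHeaders(List.of("Content-Type", "Authorization", "X-CSRF-TOKEN"));
        config.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
}
```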