صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
github
/
spring-security
mirrorاز https://github.com/spring-projects/spring-security
2
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
درخت: 14fd213557
شاخه‌ها تگ‌ها
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
reactive
/
integrations
/
cors.adoc

cors.adoc 2.1 KB
تاريخچه خام

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. 

  2. [[webflux-cors]]
    3. 

  3. = CORS
    4. 

  4. 

  5. Spring Framework provides https://docs.spring.io/spring/docs/current/spring-framework-reference/web-reactive.html#webflux-cors-intro[first class support for CORS].
    6. 

  6. CORS must be processed before Spring Security because the pre-flight request will not contain any cookies (i.e. the `JSESSIONID`).
    7. 

  7. If the request does not contain any cookies and Spring Security is first, the request will determine the user is not authenticated (since there are no cookies in the request) and reject it.
    8. 

  8. 

  9. The easiest way to ensure that CORS is handled first is to use the `CorsWebFilter`.
    10. 

  10. Users can integrate the `CorsWebFilter` with Spring Security by providing a `CorsConfigurationSource`.
    11. 

  11. For example, the following will integrate CORS support within Spring Security:
    12. 

  12. 

  13. ====
    14. 

  14. .Java
    15. 

  15. [source,java,role="primary"]
    16. 

  16. ----
    17. 

  17. @Bean
    18. 

  18. CorsConfigurationSource corsConfigurationSource() {
    19. 

  19. 	CorsConfiguration configuration = new CorsConfiguration();
    20. 

  20. 	configuration.setAllowedOrigins(Arrays.asList("https://example.com"));
    21. 

  21. 	configuration.setAllowedMethods(Arrays.asList("GET","POST"));
    22. 

  22. 	UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    23. 

  23. 	source.registerCorsConfiguration("/**", configuration);
    24. 

  24. 	return source;
    25. 

  25. }
    26. 

  26. ----
    27. 

  27. 

  28. .Kotlin
    29. 

  29. [source,kotlin,role="secondary"]
    30. 

  30. ----
    31. 

  31. @Bean
    32. 

  32. fun corsConfigurationSource(): CorsConfigurationSource {
    33. 

  33.     val configuration = CorsConfiguration()
    34. 

  34.     configuration.allowedOrigins = listOf("https://example.com")
    35. 

  35.     configuration.allowedMethods = listOf("GET", "POST")
    36. 

  36.     val source = UrlBasedCorsConfigurationSource()
    37. 

  37.     source.registerCorsConfiguration("/**", configuration)
    38. 

  38.     return source
    39. 

  39. }
    40. 

  40. ----
    41. 

  41. ====
    42. 

  42. 

  43. The following will disable the CORS integration within Spring Security:
    44. 

  44. 

  45. ====
    46. 

  46. .Java
    47. 

  47. [source,java,role="primary"]
    48. 

  48. ----
    49. 

  49. @Bean
    50. 

  50. SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    51. 

  51. 	http
    52. 

  52. 		// ...
    53. 

  53. 		.cors(cors -> cors.disable());
    54. 

  54. 	return http.build();
    55. 

  55. }
    56. 

  56. ----
    57. 

  57. 

  58. .Kotlin
    59. 

  59. [source,kotlin,role="secondary"]
    60. 

  60. ----
    61. 

  61. @Bean
    62. 

  62. fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
    63. 

  63.     return http {
    64. 

  64.         // ...
    65. 

  65.         cors {
    66. 

  66.             disable()
    67. 

  67.         }
    68. 

  68.     }
    69. 

  69. }
    70. 

  70. ----
    71. 

  71. ====
    72.