:toc: macro
toc::[]

= CORS configuration in Spring

== Dependency

To enable the CORS support from the server side for your devon4j-Spring application, add the below dependency:

[source,xml]
----
<dependency>
  <groupId>com.devonfw.java.starters</groupId>
  <artifactId>devon4j-starter-security-cors</artifactId>
</dependency>
----

== Configuration

Add the below properties in your application.properties file:

[source]
----
#CORS support
security.cors.spring.allowCredentials=true
security.cors.spring.allowedOriginPatterns=*
security.cors.spring.allowedHeaders=*
security.cors.spring.allowedMethods=OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
security.cors.pathPattern=/**
----


[cols="1,1,1"]
|===
|Attribute |Description |HTTP Header

|allowCredentials
|Decides the browser should include any cookies associated with the request (`true` if cookies should be included).
|Access-Control-Allow-Credentials

|allowedOrigins
|List of allowed origins (use `*` to allow all orgins).
|Access-Control-Allow-Origin

|allowedMethods
|List of allowed HTTP request methods (`OPTIONS`, `HEAD`, `GET`, `PUT`, `POST`, `DELETE`, `PATCH`, etc.).
|-

|allowedHeaders
|List of allowed headers that can be used during the request (use `*` to allow all headers requested by the client)
|Access-Control-Allow-Headers

|pathPattern
|Ant-style pattern for the URL paths where to apply CORS. Use "/**" to match all URL paths.
|
|===