public class CustomCorsFilter extends OncePerRequestFilter { @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { response.setHeader("Access-Control-Allow-Origin", request.getHeader("origin")); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with,Authorization, token"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin")); filterChain.doFilter(request, response); } }
@Configuration public class CorsConfig { @Bean public FilterRegistrationBean customCorsfilterRegistrationBean() { FilterRegistrationBean<CustomCorsFilter> filterRegistrationBean = new FilterRegistrationBean<>(); filterRegistrationBean.setFilter(new CustomCorsFilter()); filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); filterRegistrationBean.addUrlPatterns("/*"); return filterRegistrationBean; } }