6.29.3 Configuring CORS
Micronaut supports CORS (Cross Origin Resource Sharing) out of the box. By default, CORS requests are rejected. To enable processing of CORS requests, modify your configuration. For example with application.yml
:
CORS Configuration Example
micronaut:
server:
cors:
enabled: true
By only enabling CORS processing, a “wide open” strategy is adopted that allows requests from any origin.
To change the settings for all origins or a specific origin, change the configuration to provide one or more “configurations”. By providing any configuration, the default “wide open” configuration is not configured.
CORS Configurations
micronaut:
server:
cors:
enabled: true
configurations:
all:
...
web:
...
mobile:
...
In the above example, three configurations are provided. Their names (all
, web
, mobile
) are not important and have no significance inside Micronaut. They are there purely to be able to easily recognize the intended user of the configuration.
The same configuration properties can be applied to each configuration. See CorsOriginConfiguration for properties that can be defined. The values of each configuration supplied will default to the default values of the corresponding fields.
When a CORS request is made, configurations are searched for allowed origins that match exactly or match the request origin through a regular expression.