Skip to content

Instantly share code, notes, and snippets.

@kjunine
Created November 19, 2013 13:00
Show Gist options
  • Save kjunine/7545008 to your computer and use it in GitHub Desktop.
Save kjunine/7545008 to your computer and use it in GitHub Desktop.
CrossOriginResourceSharingFilter (using Spring MVC) If you want to handle OPTIONS method, you should use Filter instead of Interceptor.
package utils;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;
public class CrossOriginResourceSharingFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
FilterConfig config = getFilterConfig();
String allowOrigin = config.getInitParameter("allowOrigin");
String maxAge = config.getInitParameter("maxAge");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
String requestedMethod = request
.getHeader("Access-Control-Request-Method");
String requestedHeaders = request
.getHeader("Access-Control-Request-Headers");
response.setHeader("Access-Control-Allow-Origin", allowOrigin);
response.setHeader("Access-Control-Allow-Methods", requestedMethod);
response.setHeader("Access-Control-Allow-Headers", requestedHeaders);
response.setHeader("Access-Control-Max-Age", maxAge);
} else {
response.setHeader("Access-Control-Allow-Origin", allowOrigin);
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Allow-Headers", "*");
response.setHeader("Access-Control-Max-Age", maxAge);
}
filterChain.doFilter(request, response);
}
}
<filter>
<filter-name>cors-filter</filter-name>
<filter-class>utils.CrossOriginResourceSharingFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>maxAge</param-name>
<param-value>86400</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>cors-filter</filter-name>
<url-pattern>/api/*</url-pattern>
</filter-mapping>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment