Enabling global CORS support

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Enabling global CORS support

Ron Cecchini

Hi, guys.

I have a Camel (3.4.2) + Spring Boot (2.3.1.RELEASE) web service using Undertow.

I ran into my first CORS (cross-origin resource sharing) issue, googled around, and solved it with @CrossOrigin.

My question has to do with why I could *not* solve it with restConfiguration().enableCORS(true) ?

With or without enableCORS(true), my headers were coming back:

    Connection         keep-alive
    Content-Type       application/json
    Date               Thu, 06 Aug 2020 22:47:53 GMT
    Transfer-Encoding  chunked

Only when I started using @CrossOrigin with all of my @RestController classes did I start getting:

    Connection         keep-alive
    Content-Type       application/json
    Date               Thu, 06 Aug 2020 22:54:47 GMT
    Transfer-Encoding  chunked
    Vary               Origin, Access-Control-Request-Method, Access-Control-Request-Headers

And all of my CORS problems went away.

But I imagine it *must* be possible to do the @CrossOrigin in a global way via the restConfiguration().

So what's the magic sauce I'm missing?

Is there something I should be doing with setCorsHeaders() and/or corsHeaderProperty()?
I would think not given the defaults listed at:
https://camel.apache.org/manual/latest/rest-dsl.html#_default_cors_headers

I'm suspecting some Annotation Sorcery I'm not aware of...

Thanks.
Reply | Threaded
Open this post in threaded view
|

Re: Enabling global CORS support

Mark Nuttall
I am pretty sure it is because the annotation is Spring and the other is
Camel and Spring is in control, not Camel. For a global way with spring,
see this -
https://spring.io/guides/gs/rest-service-cors/

On Fri, Aug 7, 2020 at 1:57 AM Ron Cecchini <[hidden email]> wrote:

>
> Hi, guys.
>
> I have a Camel (3.4.2) + Spring Boot (2.3.1.RELEASE) web service using
> Undertow.
>
> I ran into my first CORS (cross-origin resource sharing) issue, googled
> around, and solved it with @CrossOrigin.
>
> My question has to do with why I could *not* solve it with
> restConfiguration().enableCORS(true) ?
>
> With or without enableCORS(true), my headers were coming back:
>
>     Connection         keep-alive
>     Content-Type       application/json
>     Date               Thu, 06 Aug 2020 22:47:53 GMT
>     Transfer-Encoding  chunked
>
> Only when I started using @CrossOrigin with all of my @RestController
> classes did I start getting:
>
>     Connection         keep-alive
>     Content-Type       application/json
>     Date               Thu, 06 Aug 2020 22:54:47 GMT
>     Transfer-Encoding  chunked
>     Vary               Origin, Access-Control-Request-Method,
> Access-Control-Request-Headers
>
> And all of my CORS problems went away.
>
> But I imagine it *must* be possible to do the @CrossOrigin in a global way
> via the restConfiguration().
>
> So what's the magic sauce I'm missing?
>
> Is there something I should be doing with setCorsHeaders() and/or
> corsHeaderProperty()?
> I would think not given the defaults listed at:
> https://camel.apache.org/manual/latest/rest-dsl.html#_default_cors_headers
>
> I'm suspecting some Annotation Sorcery I'm not aware of...
>
> Thanks.
>