root
/
spring-boot
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Document Actuator's CORS support

Browse Source 
Closes gh-3010
pull/4304/merge
Stephane Nicoll 9 years ago
parent 17f61c1dad
commit fdf75d3ede
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
Unescape Escape View File

@ -767,7 +767,7 @@ content into your application; rather pick only the properties that you need.
endpoints.liquibase.id=liquibase
endpoints.liquibase.sensitive=false
# ENDPOINTS CORS CONFIGURATION ({sc-spring-boot-actuator}/autoconfigure/MvcEndpointCorsProperties.{sc-ext}[MvcEndpointCorsProperties])
# ENDPOINTS CORS CONFIGURATION ({sc-spring-boot-actuator}/autoconfigure/EndpointCorsProperties.{sc-ext}[EndpointCorsProperties])
endpoints.cors.allow-credentials= # set whether user credentials are support. When not set, credentials are not supported.
endpoints.cors.allowed-origins= # comma-separated list of origins to allow. * allows all origins. When not set, CORS support is disabled.
endpoints.cors.allowed-methods= # comma-separated list of methods to allow. * allows all methods. When not set, defaults to GET.

20
spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
Unescape Escape View File

@ -186,6 +186,26 @@ If the https://github.com/mikekelly/hal-browser[HAL Browser] is on the classpath
via its webjar (`org.webjars:hal-browser`), or via the `spring-data-rest-hal-browser` then
an HTML "`discovery page`", in the form of the HAL Browser, is also provided.
[[production-ready-endpoint-cors]]
=== CORS support
http://en.wikipedia.org/wiki/Cross-origin_resource_sharing[Cross-origin resource sharing]
(CORS) is a http://www.w3.org/TR/cors/[W3C specification] that allows you to specify in a
flexible way what kind of cross domain requests are authorized. Actuator's MVC endpoints
can be configured to support such scenario.
CORS support is disabled by default and is only enabled once the
`endpoints.cors.allowed-origins` property has been set. The configuration below permits
`GET` and `POST` calls from the `example.com` domain:
[source,properties,indent=0]
----
endpoints.cors.allowed-origins=http://example.com
endpoints.cors.allowed-methods=GET,POST
----
TIP: Check {sc-spring-boot-actuator}/autoconfigure/EndpointCorsProperties.{sc-ext}[EndpointCorsProperties]
for a complete list of options.
[[production-ready-customizing-endpoints-programmatically]]

Write Preview
Loading…
Cancel
Save