/** * Constructor which creates an interceptor with default CORS configuration for use in * a FHIR server. This includes: * <ul> * <li>Allowed Origin: *</li> * <li>Allowed Header: Accept</li> * <li>Allowed Header: Access-Control-Request-Headers</li> * <li>Allowed Header: Access-Control-Request-Method</li> * <li>Allowed Header: Cache-Control</li> * <li>Exposed Header: Content-Location</li> * <li>Allowed Header: Content-Type</li> * <li>Exposed Header: Location</li> * <li>Allowed Header: Origin</li> * <li>Allowed Header: Prefer</li> * <li>Allowed Header: X-Requested-With</li> * </ul> * Note that this configuration is useful for quickly getting CORS working, but * in a real production system you probably want to consider whether it is * appropriate for your situation. In particular, using "Allowed Origin: *" * isn't always the right thing to do. */ public CorsInterceptor() { this(createDefaultCorsConfig()); }
/** * Constructor which accepts the given configuration * * @param theConfiguration * The CORS configuration */ public CorsInterceptor(CorsConfiguration theConfiguration) { Validate.notNull(theConfiguration, "theConfiguration must not be null"); myCorsProcessor = new DefaultCorsProcessor(); setConfig(theConfiguration); }
CorsInterceptor corsInterceptor = new CorsInterceptor(); registerInterceptor(corsInterceptor);
@Override protected void initialize() throws ServletException { // ... define your resource providers here ... // Define your CORS configuration. This is an example // showing a typical setup. You should customize this // to your specific needs CorsConfiguration config = new CorsConfiguration(); config.addAllowedHeader("x-fhir-starter"); config.addAllowedHeader("Origin"); config.addAllowedHeader("Accept"); config.addAllowedHeader("X-Requested-With"); config.addAllowedHeader("Content-Type"); config.addAllowedOrigin("*"); config.addExposedHeader("Location"); config.addExposedHeader("Content-Location"); config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")); // Create the interceptor and register it CorsInterceptor interceptor = new CorsInterceptor(config); registerInterceptor(interceptor); }
public class WebMvcConfig extends WebMvcConfigurerAdapter { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new CorsInterceptor(Arrays.asList("'http://myApplication.myDomain.net","http://www.myApplication.myDomain.net"))); } ... }
/** * Constructor which accepts the given configuration * * @param theConfiguration * The CORS configuration */ public CorsInterceptor(CorsConfiguration theConfiguration) { Validate.notNull(theConfiguration, "theConfiguration must not be null"); myCorsProcessor = new DefaultCorsProcessor(); setConfig(theConfiguration); }
/** * Constructor which creates an interceptor with default CORS configuration for use in * a FHIR server. This includes: * <ul> * <li>Allowed Origin: *</li> * <li>Allowed Header: Accept</li> * <li>Allowed Header: Access-Control-Request-Headers</li> * <li>Allowed Header: Access-Control-Request-Method</li> * <li>Allowed Header: Cache-Control</li> * <li>Exposed Header: Content-Location</li> * <li>Allowed Header: Content-Type</li> * <li>Exposed Header: Location</li> * <li>Allowed Header: Origin</li> * <li>Allowed Header: Prefer</li> * <li>Allowed Header: X-Requested-With</li> * </ul> * Note that this configuration is useful for quickly getting CORS working, but * in a real production system you probably want to consider whether it is * appropriate for your situation. In particular, using "Allowed Origin: *" * isn't always the right thing to do. */ public CorsInterceptor() { this(createDefaultCorsConfig()); }