CORS support

Warning
 Hey there! Seems like you are still using the documentation of our legacy Java repository. Since it won’t be maintained anymore, we recommend you to checkout the new Java page here.

When you are developing Javascript client and server application separately, you have to deal with cross domain issues. We have to request from a origin domain distinct to target domain and browser does not allow this.

So , we need to prepare server side to accept request from other domains. We need to cover the following points:

  • Accept request from other domains.

  • Accept devonfw used headers like X-CSRF-TOKEN or correlationId.

  • Be prepared to receive secured request (cookies).

It is important to note that if you are using security in your request (sending cookies) you have to set withCredentials flag to true in your client side request and deal with special IE8 characteristics.

For more information about CORS see here. Information about the CORS headers can be found here.

Configuring CORS support

Warning
 Hey there! Seems like you are still using the documentation of our legacy Java repository. Since it won’t be maintained anymore, we recommend you to checkout the new Java page here.

To enable CORS support for your application, see the advanced guides. For Spring applications see here. For Quarkus follow the official Quarkus guide.

Configuration with service mesh

Warning
 Hey there! Seems like you are still using the documentation of our legacy Java repository. Since it won’t be maintained anymore, we recommend you to checkout the new Java page here.

If you are using a service mesh, you can also define your CORS policy directly there. Here is an example from Istio.

← Previous: Security | ↑ Up: General | ⌂ Home: devonfw guide | Next: Java Development Kit →

Last updated 2022-12-07 17:55:51 UTC