To enable CORS support in Spring MVC 4 - Access-Control-Allow-Origin

CORSFilter.java

package com.alkhodiry.mb.rest.filters;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Enabling CORS support  - Access-Control-Allow-Origin
 * @author zeroows@gmail.com
 * 
 * <code>
 	<!-- Add this to your web.xml to enable "CORS" -->
	<filter>
	  <filter-name>cors</filter-name>
	  <filter-class>com.elm.mb.rest.filters.CORSFilter</filter-class>
	</filter>
	  
	<filter-mapping>
	  <filter-name>cors</filter-name>
	  <url-pattern>/*</url-pattern>
	</filter-mapping>
 * </code>
 */
public class CORSFilter extends OncePerRequestFilter {
	private static final Log LOG = LogFactory.getLog(CORSFilter.class);

	@Override
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
		response.addHeader("Access-Control-Allow-Origin", "*");
		
		if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
			LOG.trace("Sending Header....");
			// CORS "pre-flight" request
			response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
//			response.addHeader("Access-Control-Allow-Headers", "Authorization");
            response.addHeader("Access-Control-Allow-Headers", "Content-Type");
			response.addHeader("Access-Control-Max-Age", "1");
		}
		
		filterChain.doFilter(request, response);
	}

}

Thanks, this really helped out allot!

Thank you. It is simple and very useful.

Thank you very much, this worked for me!

Thanks

Hi, thanks for the snippet, do you know if it is possible to activate / deactivate the filter for example by changing a property ? i mean via java class not via xml.

Thanks

i am looking to every piece of code to fix my problem. This one seems nice. THANK YOU! You saved my day.

I am using similar code.. My request is getting through but my Authorization Header is coming as null
I have uncommented the line

Thanks

Thanks

Thanks!

Not working for me. I am unable to allow Authorization Header

Great! Thank you so much.

Gracias funciono muy bien

thank you so much . its work for me

Thanks, It helped me :)
XML Config also can do the same thing at Spring 4.2.x
Spring Doc

Where shall we put that class?

Funiona ! me ha salvado el dia gracias.

Thank you so much. You saved my day !!!!!!

Awesome...

is it really needed?

Spring has its own configuration: https://docs.spring.io/spring/docs/4.2.x/spring-framework-reference/html/cors.html
As well as Tomcat: https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#CORS_Filter