Spring CORS

CORS (Cross-Origin Resource Sharing)

It’s a mechanism to let a web application running at one domain, protocol or port have permission to access resources from a server at a different one.

This is needed if you have, for example, a Frontend running on port :3000 (React) consuming a Backend API running on port :34831 (custom port for Spring). Unless CORS are set, FE will not be able to access BE resources.

In Spring

It’s possible to enable them for a single RestResource or globally for the whole application.

(This example has been done in Kotlin)

By RestResource

class CourseRestResource {
  // dependencies and methods


This is done at a SpringConfig level, creating a new @Bean as follows.

@ComponentScan(basePackages = ["redacted"])
class SpringConfig {

  fun corsFilter(): CorsFilter {
    val origin = "http://localhost:3000"
    val headers = listOf("Origin", "Content-Type", "Accept")
    val methods = listOf("GET", "POST", "PUT", "OPTIONS", "DELETE")
    val source = UrlBasedCorsConfigurationSource()
    val config = CorsConfiguration()
    config.allowCredentials = true
    config.allowedOrigins = Collections.singletonList(origin)
    config.allowedHeaders = headers
    config.allowedMethods = methods
    source.registerCorsConfiguration("/**", config)
    return CorsFilter(source)