1
Fork 0
No description
This repository has been archived on 2026-03-10. You can view files and clone it, but you cannot make any changes to its state, such as pushing and creating new issues, pull requests or comments.
Find a file
2018-05-29 17:50:44 -04:00
gradle/wrapper Update Gradle wrapper. 2018-03-07 19:59:00 -05:00
src Make it possible to configure the allowed HTTP methods. 2018-03-20 21:01:12 -07:00
.gitignore Remove accidentally-committed binaries in /out/. 2017-02-15 23:36:06 -05:00
build.gradle Merge commit 'pull/13' 2018-05-29 17:50:44 -04:00
CONTRIBUTORS.md Added my name to CONTRIBUTORS.md 2018-04-20 13:38:42 +02:00
gradlew Update Gradle wrapper. 2018-03-07 19:59:00 -05:00
gradlew.bat Basic Gradle build skeleton and wrapper. 2017-02-15 23:18:42 -05:00
LICENSE.md Update CONTRIBUTORS.md and LICENSE.md 2018-03-13 12:34:27 -04:00
README.md Allow for the configuration of allowed headers. 2018-01-08 20:00:12 -05:00
settings.gradle Basic Gradle build skeleton and wrapper. 2017-02-15 23:18:42 -05:00

Dropwizard Simple CORS

A bundle providing simple CORS configuration for your Dropwizard apps.

This bundle configures Jetty's built-in CorsFilter to allow all requests and methods from a list of known origins, which may include wildcards. The origins can be configured either in your application's config file, or in an environment variable for platforms such as Heroku.

Usage

  1. Add this module as a dependency for your application.

    This library is hosted on JCenter. To add it to your project, first add the JCenter repository:

    • Maven:

      <repositories>
          <repository>
              <id>jcenter</id>
              <url>https://jcenter.bintray.com/</url>
          </repository>
      </repositories>
      
    • Gradle:

      repositories {
          jcenter()
      }
      

    Then add the following dependency:

    • Maven:

      <dependency>
          <groupId>ca.grimoire.dropwizard.cors</groupId>
          <artifactId>dropwizard-simple-cors</artifactId>
          <version>VERSION</version>
      </dependency>
      
    • Gradle:

      dependencies {
          # ...
          compile group: 'ca.grimoire.dropwizard.cors', name: 'dropwizard-simple-cors', version: 'VERSION'
      }
      

    Replacing VERSION with the version you wish to use.

  2. Implement CrossOriginFilterFactoryHolder on your configuration class.

    import io.dropwizard.Configuration;
    import ca.grimoire.dropwizard.cors.config.CrossOriginFilterFactory;
    import ca.grimoire.dropwizard.cors.config.CrossOriginFilterFactoryHolder;
    
    public class MyConfiguration extends Configuration implements CrossOriginFilterFactoryHolder {
        private CrossOriginFilterFactory cors = new CrossOriginFilterFactory();
    
        public void setCors(CrossOriginFilterFactory cors) {
            this.cors = cors;
        }
    
        @Override
        public CrossOriginFilterFactory getCors() {
            return cors;
        }
    }
    
  3. Register CorsBundle in your application class.

    import ca.grimoire.dropwizard.cors.CorsBundle;
    
    import io.dropwizard.Application;
    import io.dropwizard.setup.Bootstrap;
    
    public class MyApplication extends Application<MyConfiguration> {
    
        @Override
        public void initialize(Bootstrap<MyConfiguration> bootstrap) {
            bootstrap.addBundle(new CorsBundle<MyConfiguration>());
        }
    
    }
    
  4. Configure the list of origins you wish to authorize, either in your configuration file or through the CORS_ORIGINS environment variable.

    cors:
      origins: "*"
    

    I make no statements about the advisability of configuring CORS that way. Your needs may differ.

  5. Configure the list of allowed headers, either in your configuration file or through the CORS_ALLOWED_HEADERS environment variable.

    cors:
      allowedHeaders: "Authorization,X-Requested-With,Content-Type,Accept,Origin"
    

Your application will respond both to simple CORS requests and to CORS preflight (OPTIONS) requests, and authorize them if they originate from one of the allowed origins.

Origins

An origin is a protocol name and an authority, as in a URL: proto://host, or proto://host:port. The authority (host:port part) may contain the wildcard *, which matches any string of characters and may span multiple segments of a domain name or port number.

Each provided origin will be tested against the Origin header of each incoming CORS request. If the origin matches, the request is authorized.

For development, the default list of allowed origins contains only http://localhost:*, to allow front-end applications hosted locally to call your service. For deployment, you must set the list of allowed origins to a sensible value.