Cross-origin HTTP Request

If your front-end web UI and back-end restful API are stored in different domains, such as:


Due to security reason, web browser will return you with the below error:


Please note that even different ports will treat as different origin.

In order to allow different domains calling the restful API, you can either:

1) override the addCorsMappings (CorsRegistry registry) method. You can find the below settings under com.itblogs.config.AppConfiguration, which contains Spring configuration and bean definitions.


       //     <mvc:mapping path=”/**”

       //            allowed-origins=”http://localhost:8181″

       //            allowed-methods=”GET, POST, PUT, DELETE, OPTIONS”

       //            allowed-headers=”*”

       //            exposed-headers=”*”

       //            allow-credentials=”false”

       //            max-age=”3600″ />



       public void addCorsMappings(CorsRegistry registry) {



                           .allowedMethods(“GET”, “POST”, “PUT”, “DELETE”, “OPTIONS”)

                           //.allowedHeaders(“header1”, “header2”, “header3”)

                           //.exposedHeaders(“header1”, “header2”)




2) or, adding @CrossOrigin annotation to the method(s) of your controller, such as:

But, in this case, you may need to define @CrossOrigin to all of your controllers’ methods.

Please rate this