Allow `@CrossOrigin` to appear at the class level
See original GitHub issueEnvironment Details
- Helidon Version: 2.x, 3.x, 4.x
- Helidon SE or Helidon MP MP
- JDK version:
- OS:
- Docker version (if applicable):
Problem Description
Currently, the @CrossOrigin
annotation applies only to methods.
If the developer wants the same CORS behavior for all resources in a given resource class, it would be convenient to annotate the class once rather than apply the same method-level annotation to multiple @Options
methods.
Issue Analytics
- State:
- Created a year ago
- Comments:9 (9 by maintainers)
Top Results From Across the Web
Enabling Cross Origin Requests for a RESTful Web Service
This @CrossOrigin annotation enables cross-origin resource sharing only for this specific method. By default, its allows all origins, all headers, and the HTTP ......
Read more >Configuring CORS with Spring Boot and Spring Security
Access-Control-Allow-Origin, Comma-separated list of whitelisted origins or “*”. ... Combination of @CrossOrigin at Class and Method Levels.
Read more >CORS with Spring - Baeldung
Enabling CORS is straightforward — just add the annotation @CrossOrigin. ... This time, we added @CrossOrigin on the class level.
Read more >Allowing cross-origin use of images and canvas - HTML
The key is to use the crossorigin attribute by setting crossOrigin on the HTMLImageElement into which the image will be loaded. This tells...
Read more >Spring CORS No 'Access-Control-Allow-Origin' header is ...
Enabling CORS for the whole application is as simple as: @Configuration @EnableWebMvc public class WebConfig extends WebMvcConfigurerAdapter { @Override ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@Captain1653 I should probably remove the wiki. We used that before we implemented the feature to describe our plans and thinking. The published documentation you linked to is authoritative, and it states that config overrides settings from the code. I have also updated the earlier comment on this issue to restate that.
Do you see a way in which the coding changes to address this issue would be affected by the precedence? It’s possible but that is not what I would expect.
@Captain1653 You are now also assigned. Thanks. I’ll look forward to your PR.
@spericas Yes, very good idea. Today the CDI extension stops the server start-up if
@CrossOrigin
appears on a non-OPTIONS method. The extension should also throw an exception if there is a class-level@CrossOrigin
annotation but no methods with an@OPTIONS
annotation.It will be OK to have a class-level
@CrossOrigin
even if all@OPTIONS
methods have their own@CrossOrigin
annotation. The class-level one will be ignored; we will log a FINE message in that case.With these refinements, here is the mini-functional spec:
@CrossOrigin
annotation changes so it can appear on a method or a type.@OPTIONS
methods in the class which do not have their own annotation.@OPTIONS
methods in the class, theCorsCdiExtension
throws an exception identifying the offending class and ending the server start-up.@OPTIONS
methods in the class have their own annotation), the extension logs a FINE-level message identifying the class where we are ignoring the class-level annotation.The overall task list: (with responsible person’s initials)
microprofile/cors
code to add the feature with the behavior described in the mini-functional spec. (AA)microprofile/cors
to test the new behavior, adding positive and negative tests. (AA)examples/microprofile/cors
example to use a class-level annotation, making sure there is an@OPTIONS
method in the resource class that does not have its own annotation. Update the example’s tests accordingly. (AA)docs/mp/cors/cors.adoc
doc page. (TQ)Note that I will plan to do the doc update myself, unless you really want to do that part also Andrei!