What is CORS?

Cross-Origin Resource Sharing (CORS) is an HTTP-header-based mechanism that allows a server to specify which origins (domain, scheme, or port) other than its own are permitted to load resources (responses) in a browser.

A cross-origin HTTP request occurs when a client makes a request to a resource located at a different origin (i.e., a different domain, protocol, or port) than the client's own origin.

Key Points:

• Browsers can request cross-origin resources like images, CSS, JavaScript files, JSON, etc.
• By default, a browser’s security model denies cross-origin HTTP requests made by client-side scripts to prevent Ajax-based attacks.
• CORS enables servers to explicitly allow such requests from specific origins, overriding the default browser restrictions.

Example Scenario:

• A React client running on http://localhost:3000 needs to consume a Spring Boot RESTful web service API hosted at http://host:port/products.
• Without CORS, the browser would block this request due to the different origins.
• To allow the request, the server must enable CORS for the client’s origin.

Enabling CORS in Spring Boot

In a Spring Boot application, CORS can be enabled using the @CrossOrigin annotation at the class or method level in a @RestController. This allows cross-origin HTTP requests from JavaScript clients.

Usage:

• Annotate the controller class or specific methods with @CrossOrigin, specifying the allowed origin(s).
• Example:

@CrossOrigin(origins = "<http://localhost:3000>")
@RestController
public class ProductController {
    // REST API methods
}

• In this example, the ProductController allows cross-origin requests from the React client running on http://localhost:3000.

Notes:

• The @CrossOrigin annotation can be applied at the class level (to allow CORS for all methods in the controller) or at the method level (to allow CORS for specific endpoints).