CORS

For security reasons, browsers don’t allow JavaScript network calls to resources outside the current origin. Cross-Origin Resource Sharing or CORS solves this restriction, as it lets you specify which cross-domain requests are allowed.

By default, all cross-origin requests to the REST API are allowed. To restrict the origins list you can define the jmix.cors.allowed-origins application property and other CORS properties.

CORS settings are automatically applied to the following URLs:

/rest/**
/oauth2/**
URL patterns defined in jmix.rest.authenticated-url-patterns property.

In order to replace the default CORS configuration provided by Jmix, register a bean with the corsConfigurationSource name in your project. In this case, the properties mentioned above will not work.

Refer to Spring Security Documentation for more information on CORS.

Was this page helpful?

Thank you for your feedback

Something went wrong