CORS
For security reasons, browsers don’t allow JavaScript network calls to resources outside the current origin. Cross-Origin Resource Sharing or CORS solves this restriction, as it lets you specify which cross-domain requests are allowed.
By default, all cross-origin requests to the REST API are allowed. To restrict the origins list you can define the jmix.cors.allowed-origins application property and other CORS properties.
CORS settings are automatically applied to the following URLs:
-
/rest/**
-
/oauth2/**
-
URL patterns defined in jmix.rest.authenticated-url-patterns property.
In order to replace the default CORS configuration provided by Jmix, register a bean with the corsConfigurationSource
name in your project. In this case, the properties mentioned above will not work.
Refer to Spring Security Documentation for more information on CORS.