Spring MVC 3 enable Cross Origin Resource Sharing - 24 Aug 2012


I am using a Spring MVC 3 annotation-driven setup, and I needed to enable Cross-Origin Resource Sharing. Relevant reading:

update web.xml

Update the DispatcherServlet section of your web.xml file (typically in WEB-INF) so that it dispatches HTTP OPTIONS requests to controllers instead of pushing back the default response that does not include the relevant Access-Control-Allow headers.



create an OPTIONS RequestMapping

In my case I want CORS to always work for any HTTP end-points, so I created a CorsCommon class that I extend all my other controllers from. NOTE: In my experience, one cannot just use "*" for Access-Control-Allow-Headers, so if your CORS request is going to be using any additional headers, be sure to list them where my-cool-header is. jQuery likes to use the x-requested-with header.

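import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
public class CorsCommon {
    // Answers the CORS preflight (OPTIONS) request for every controller that extends this class.
    @RequestMapping(method = RequestMethod.OPTIONS)
    public void commonOptions(HttpServletResponse theHttpServletResponse) throws IOException {
        theHttpServletResponse.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with, my-cool-header");
        theHttpServletResponse.addHeader("Access-Control-Max-Age", "60"); // seconds to cache preflight request --> less OPTIONS traffic
        theHttpServletResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
        theHttpServletResponse.addHeader("Access-Control-Allow-Origin", "*");
    }
}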
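
An added example, not from the original post or its repo: a variant of CorsCommon that grants Access-Control-Allow-Origin only to origins on an allow-list instead of "*", for APIs that should not be readable from every site. The class name CorsAllowListCommon, the applyAllowedOrigin helper and the example.com origins are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

// Added example: hypothetical allow-list variant of CorsCommon.
public class CorsAllowListCommon {

    // Assumption: placeholder origins; replace with the sites that may call this API.
    private static final Set<String> ALLOWED_ORIGINS = new HashSet<String>(Arrays.asList(
            "https://app.example.com",
            "https://admin.example.com"));

    /**
     * Echoes the request's Origin back only on an exact match against the allow-list.
     * Returns false (and sets no Access-Control-Allow-Origin header) for any other
     * origin, so the browser refuses the cross-origin read.
     */
    protected static boolean applyAllowedOrigin(HttpServletRequest request, HttpServletResponse response) {
        // The response now varies by Origin; stop shared caches from reusing it across origins.
        response.addHeader("Vary", "Origin");
        String origin = request.getHeader("Origin");
        if (origin == null || !ALLOWED_ORIGINS.contains(origin)) {
            return false;
        }
        response.setHeader("Access-Control-Allow-Origin", origin);
        return true;
    }

    @RequestMapping(method = RequestMethod.OPTIONS)
    public void commonOptions(HttpServletRequest request, HttpServletResponse response) {
        if (!applyAllowedOrigin(request, response)) {
            return; // unknown origin: answer the preflight without any CORS grant
        }
        response.setHeader("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with, my-cool-header");
        response.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
        response.setHeader("Access-Control-Max-Age", "60"); // seconds to cache the preflight
    }
}
```

Handlers for the actual GET and POST requests can call applyAllowedOrigin as well, because the browser checks Access-Control-Allow-Origin on the real response and not only on the preflight.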


example files

For more contextually complete examples, take a look at the following files from the spring-security-gwt-template example repo I put up on GitHub:


Post content is written by Jason Zerbe and licensed CC BY-NC 3.0.