Four Techniques for Handling CORS in SpringBoot Applications

This article introduces four practical ways to solve cross‑origin issues in a SpringBoot project.

What is cross‑origin? Two URLs are considered same‑origin only when protocol, domain and port are identical. When a browser accesses http://admin.training.com and calls an API at http://api.training.com , the request is cross‑origin.

Understanding CORS – CORS (Cross‑Origin Resource Sharing) is a W3C standard that lets browsers send XMLHttpRequest to a different origin, provided the server explicitly permits it via special HTTP headers. For non‑simple requests, the browser first sends a pre‑flight OPTIONS request.

1. Simple request – The browser includes an Origin header; the server replies with Access-Control-Allow-Origin and Access-Control-Allow-Methods to approve the request.

2. Pre‑flight request – For complex requests the browser sends an OPTIONS pre‑flight to verify permission before the actual request.

3. Nginx configuration – Instead of modifying the SpringBoot code, you can configure CORS at the reverse‑proxy layer. A typical Nginx snippet adds the required headers.

4. Configuration class – Create a CorsConfig.java that implements WebMvcConfigurer (or extends WebMvcConfigurerAdapter ) and overrides addCorsMappings to define allowed origins, methods, and credentials.

5. CorsFilter bean – Define a bean:

@Bean public FilterRegistrationBean<CorsFilter> corsFilter() { … } This registers a CorsFilter with high priority, ensuring CORS handling even if other interceptors fail.

6. Gateway mode – In micro‑service architectures, configure CORS on the API gateway (e.g., SpringCloud Gateway) so downstream services do not need to manage cross‑origin themselves.