Add Cross-Origin Resource Sharing (CORS) headers for Grails 3 applications.
For Grails 3.2.2+, please use the Grails built-in CORS support, you no longer need this plugin.
Grails 3.0.x - 3.2.1 Only
This plugin will add a new Interceptor (see Grails 3 Interceptor API) to your Grails app that adds CORS headers to all your controllers and actions.
This plugin has only been tested with Grails 3.0., 3.0.15, 3.1.4 and 3.2.0, 3.2.1
- for Grails 3.1.4+, please use version
- for Grails 3.0.15+, please use version
- for Grails 3.0.4 - 3.0.14, please use version
For Grails 2.x app, please use the execellent CORS Plugin. In fact, this plugin is based on the Grails 3 servlet filter code provided in the README by that plugin author. The filter code is rewritten as interceptor for this plugin.
1. Add Plugin Dependency
Add the following dependency to your Grails app,
2. (Optional) Add HTTP OPTIONS Method URL Mapping
For Grails 3.1.4+, this step is no longer needed. Please skip it.
To support the preflight CORS request with HTTP OPTIONS method, url mappings for OPTIONS method must be added explicitly.
"/books"(resources:'book') // mapping to REST resource "book" "/books/$id?"(controller:'book', method: 'OPTIONS') // explicitly map OPTIONS method to "book" REST controller
3. (Optional) Configuration Settings
corsInterceptor: includeEnvironments: ['development', 'test'] excludeEnvironments: ['production'] allowedOrigins: ['yourhost.com'] allowedHeaders: ['my-authorization-header', 'origin', 'content-type', 'accept']
- includeEnvironments - include this plugin only in the environments listed (default to all environments)
- excludeEnvironments - exclude this plugin from the environments listed (default to null)
- allowedOrigins - white list for allowed origins (default to all origins without restrictions)
- allowedHeaders - custom headers to be used in “Access-Control-Allow-Headers” (default to
["origin", "authorization", "accept", "content-type", "x-requested-with"])
Working with Spring Security Core or Spring Security REST Plugins
See the sample app grails3-cors-interceptor-spring-security-rest-sample-app for detailed instructions on how to get
grails3-cors-interceptor working with Spring Security Core or Spring Security REST plugin.