Commit fdf75d3e authored by Stephane Nicoll's avatar Stephane Nicoll

Document Actuator's CORS support

Closes gh-3010
parent 17f61c1d
......@@ -767,7 +767,7 @@ content into your application; rather pick only the properties that you need.
endpoints.liquibase.id=liquibase
endpoints.liquibase.sensitive=false
# ENDPOINTS CORS CONFIGURATION ({sc-spring-boot-actuator}/autoconfigure/MvcEndpointCorsProperties.{sc-ext}[MvcEndpointCorsProperties])
# ENDPOINTS CORS CONFIGURATION ({sc-spring-boot-actuator}/autoconfigure/EndpointCorsProperties.{sc-ext}[EndpointCorsProperties])
endpoints.cors.allow-credentials= # set whether user credentials are support. When not set, credentials are not supported.
endpoints.cors.allowed-origins= # comma-separated list of origins to allow. * allows all origins. When not set, CORS support is disabled.
endpoints.cors.allowed-methods= # comma-separated list of methods to allow. * allows all methods. When not set, defaults to GET.
......
......@@ -186,6 +186,26 @@ If the https://github.com/mikekelly/hal-browser[HAL Browser] is on the classpath
via its webjar (`org.webjars:hal-browser`), or via the `spring-data-rest-hal-browser` then
an HTML "`discovery page`", in the form of the HAL Browser, is also provided.
[[production-ready-endpoint-cors]]
=== CORS support
http://en.wikipedia.org/wiki/Cross-origin_resource_sharing[Cross-origin resource sharing]
(CORS) is a http://www.w3.org/TR/cors/[W3C specification] that allows you to specify in a
flexible way what kind of cross domain requests are authorized. Actuator's MVC endpoints
can be configured to support such scenario.
CORS support is disabled by default and is only enabled once the
`endpoints.cors.allowed-origins` property has been set. The configuration below permits
`GET` and `POST` calls from the `example.com` domain:
[source,properties,indent=0]
----
endpoints.cors.allowed-origins=http://example.com
endpoints.cors.allowed-methods=GET,POST
----
TIP: Check {sc-spring-boot-actuator}/autoconfigure/EndpointCorsProperties.{sc-ext}[EndpointCorsProperties]
for a complete list of options.
[[production-ready-customizing-endpoints-programmatically]]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment