spring-cloud/spring-cloud-gateway

CorsGatewayFilterApplicationListener Does Not Consider Host Predicate When Configuring Cors For Individual Routes

Open

#3,278 opened on Feb 26, 2024

Labels: enhancement, help wanted

Description

I am implementing CORS not on the global level, but on the individual routes level. For my predicates, I do not use the Path Predicate. I use the Host predicate to differentiate each id. In trying to add CORS to each id, I noticed that the CorsGatewayFilterApplicationListener.onApplicationEvent(RefreshRoutesEvent event) method only considers the path predicate.

Here is an example configuration to better illustrate my problem:

spring:
  cloud:
    gateway:
      routes:
        - id: host-a
          uri: http://hostA
          order: 0
          predicates:
            - Host=HostA
          metadata:
            cors:
              allowedOrigins:
                - OriginA
              allowedMethods:
                - GET
              allowedHeaders: '*'
              allowCredentials: true
        - id: host-b
          uri: http://hostB
          order: 1
          predicates:
            - Host=HostB
          metadata:
            cors:
              allowedOrigins:
                - OriginB
              allowedMethods:
                - GET
              allowedHeaders: '*'
              allowCredentials: true

In the above example, the only allowed origin would be "OriginB" if I made a request to HostA since a Path predicate is not specified.
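The overwrite described above can be reproduced with a small model. This is an added example, not code from the issue or from Spring Cloud Gateway: it assumes routes without a Path predicate are registered under a shared `/**` key, and every function name in it is hypothetical. It also includes a configuration check that flags routes whose differing CORS policies would land on the same path key.

```python
# Simplified model of the behaviour reported in the issue; not Spring Cloud Gateway code.
FALLBACK = "/**"  # assumption: key used when a route has no Path predicate

def cors(origin):
    return {"allowedOrigins": [origin], "allowedMethods": ["GET"],
            "allowedHeaders": "*", "allowCredentials": True}

# Constructed routes mirroring the YAML in the issue.
ROUTES = [
    {"id": "host-a", "predicates": {"Host": "HostA"}, "cors": cors("OriginA")},
    {"id": "host-b", "predicates": {"Host": "HostB"}, "cors": cors("OriginB")},
]

def path_key(route):
    return route["predicates"].get("Path", FALLBACK)

def register_by_path(routes):
    """Path-only keying: routes without a Path predicate share one entry."""
    table = {}
    for route in routes:
        table[path_key(route)] = route["cors"]  # a later route overwrites an earlier one
    return table

def register_by_host_and_path(routes):
    """Host-aware keying, the behaviour the issue asks for."""
    return {(r["predicates"].get("Host"), path_key(r)): r["cors"] for r in routes}

def allowed_origins(table, host, path=FALLBACK):
    """Look up the policy for a request; tuple keys mean the table is host-aware."""
    host_aware = any(isinstance(k, tuple) for k in table)
    policy = table.get((host, path) if host_aware else path)
    return policy["allowedOrigins"] if policy else []

def colliding_routes(routes):
    """Config check: path keys shared by routes whose CORS policies differ."""
    groups = {}
    for route in routes:
        if "cors" in route:
            groups.setdefault(path_key(route), []).append(route)
    return {key: [r["id"] for r in group] for key, group in groups.items()
            if len({repr(r["cors"]) for r in group}) > 1}

if __name__ == "__main__":
    print(allowed_origins(register_by_path(ROUTES), "HostA"))
    print(allowed_origins(register_by_host_and_path(ROUTES), "HostA"))
    print(colliding_routes(ROUTES))
```

Running `colliding_routes` over a parsed route list before deployment shows which per-route policies would replace one another under path-only keying.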
