How to enable CORS in Jhipster

By default CORS is disabled in prod mode and enabled in dev mode.

CORS can be enabled for Prod mode by setting jhipster.cors configuration in application-prod.yml file.

jhipster:
cors:
# Allow Ionic for JHipster by default (* no longer allowed in Spring Boot 2.4+)
allowed-origins: ‘http://localhost:8100,http://localhost:9000'
allowed-methods: ‘*’
allowed-headers: ‘*’
exposed-headers: ‘Authorization,Link,X-Total-Count,X-${jhipster.clientApp.name}-alert,X-${jhipster.clientApp.name}-error,X-${jhipster.clientApp.name}-params’
allow-credentials: true
max-age: 1800

In above example CORS is enabled for url http://localhost:8100 and http://localhost:9000.

This configuration is loaded by JHipster Properties and used in WebConfigurer.java to apply the CORS configuration. By default similar configuration already exisit in application-dev.yml file.

If you want to enable CORS for additional server you can do by modifying -

allowed-origins: 'http://localhost:8100,http://localhost:9000, http://localhost:3000'