You can configure Cross-Origin Resource Sharing (CORS) behavior globally on the gateway or per route. Both offer the same functionality and possibilities.
1. Global CORS configuration
The "global" CORS configuration is a Map that maps URL patterns to Spring Framework's CorsConfiguration. The following example demonstrates how to configure CORS:
application.yml
spring:
cloud:
gateway:
globalcors:
cors-configurations:
'[/**]':
allowedOrigins: "https://docs.spring.io"
allowedMethods:
- GET
In the example above, requests from docs.spring.io are allowed to CORS for all GET request paths.
To provide the same CORS configuration for requests not handled by certain gateway routing predicates, set the spring.cloud.gateway.globalcors.add-to-simple-url-handler-mapping property to true. This is useful when you're trying to support CORS preflight requests and your route predicates won't evaluate to true because the HTTP method is an option.
Please note that the spring.cloud.gateway.globalcors.add-to-simple-url-handler-mapping property has been deprecated, and the official recommendation is to use the spring.cloud.gateway.globalcors.cors-configurations property to define the global CORS configuration. Here is an example configuration:
application.yml
spring:
cloud:
gateway: