How to enable Cors?

[bolanosdev]

Hello.

i tried to enable cors on by following this (spring boot + cors tutorial, https://spring.io/guides/gs/rest-service-cors/)

and add the corsConfigurer to my springboot application, but as soon as i add the 'org.springframework.boot:spring-boot-starter-web' to my gradle file.

i cant access my playground anymore, i see a login page instead.
i look in the examples folder for cors related topics, but i couldnt see any.

[bolanosdev]

i removed the login page by disabling security with the security.basic.enabled=false on the application.properties.

but now im getting errors because it wants me to create the default rest controller (/Error) and the /graphql and /playground routes are disabled
i dont think web-starter is compatible with this project right?
what is the right way to enable cors?

[dariuszkuc]

Hi,

graphql-kotlin-spring-server is built on top of Spring WebFlux (reactive) stack which is a non-blocking alternative to a traditional Spring Web MVC (servlet, i.e. spring-boot-starter-web) based stack. Since both frameworks utilize different threading models they cannot and should not be intermixed.

Enabling CORS on webflux based apps should be pretty similar to web mvc one - see https://docs.spring.io/spring-framework/docs/current/spring-framework-reference/web-reactive.html#webflux-cors for details.

[bolanosdev]

weird....
I'm not getting WebMvcConfigurer interface nor EnableWebMvc annotation from the com.expediagroup:graphql-kotlin-spring-server:2.1.2 artifact.

see (https://github.com/CarlosBolanos/graphql-kotlin/blob/master/build.gradle.kts)
do i need to add spring webflux package?

ok, ill be reading about spring webflix, ill be back.

[smyrick]

You shouldn't need to add the webflux dependency as we pull that in for you. See the example spring server here:

graphql-kotlin/examples/spring/build.gradle.kts

Line 12 in f1d7cc8

implementation("com.expediagroup", "graphql-kotlin-spring-server")

This has added dependencies for validation and testing but the only "required" one is graphql-kotlin-spring-server

[smyrick]

You should be able to create a CorsWebFilter bean and that should be picked up by Spring automatically

https://enable-cors.org/server.html

@Bean
fun corsWebFilter(): CorsWebFilter {

    // Example of some basic config
    val corsConfig = CorsConfiguration()
    corsConfig.allowedOrigins = mutableListOf("https://example.com")
    corsConfig.allowedMethods = mutableListOf("GET", "POST")
    corsConfig.allowedHeaders = mutableListOf("Origin", "X-Requested-With", "Content-Type", "Accept")
    corsConfig.allowCredentials = true
    corsConfig.maxAge = 8000L

    // Set the URL matching
    val urlSource = UrlBasedCorsConfigurationSource()
    urlSource.registerCorsConfiguration("/**", corsConfig)

    return CorsWebFilter(urlSource)
}