diff --git a/spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java b/spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java index d2390c855e..c9e0c465c9 100644 --- a/spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java +++ b/spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java @@ -39,7 +39,7 @@ import org.springframework.core.annotation.AliasFor; @Documented public @interface CrossOrigin { - String[] DEFAULT_ORIGIN = { "*" }; + String[] DEFAULT_ORIGINS = { "*" }; String[] DEFAULT_ALLOWED_HEADERS = { "*" }; diff --git a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java index f4fc0e5219..2a8637c39a 100644 --- a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java +++ b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java @@ -42,11 +42,6 @@ public class CorsConfiguration { */ public static final String ALL = "*"; - /** - * Default maximum age (30 minutes). - */ - public static final Long DEFAULT_MAX_AGE = Long.valueOf(1800); - private List allowedOrigins; private List allowedMethods; diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/CorsRegistration.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/CorsRegistration.java index 0fe3b186f2..75d315b567 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/CorsRegistration.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/config/annotation/CorsRegistration.java @@ -20,6 +20,7 @@ import java.util.ArrayList; import java.util.Arrays; import org.springframework.http.HttpMethod; +import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.cors.CorsConfiguration; /** @@ -49,13 +50,12 @@ public class CorsRegistration { this.pathPattern = pathPattern; // Same implicit default values as the @CrossOrigin annotation + allows simple methods this.config = new CorsConfiguration(); - this.config.addAllowedOrigin(CorsConfiguration.ALL); - this.config.addAllowedMethod(HttpMethod.GET); - this.config.addAllowedMethod(HttpMethod.HEAD); - this.config.addAllowedMethod(HttpMethod.POST); - this.config.addAllowedHeader(CorsConfiguration.ALL); - this.config.setAllowCredentials(Boolean.TRUE); - this.config.setMaxAge(CorsConfiguration.DEFAULT_MAX_AGE); + this.config.setAllowedOrigins(Arrays.asList(CrossOrigin.DEFAULT_ORIGINS)); + this.config.setAllowedMethods(Arrays.asList(HttpMethod.GET.name(), + HttpMethod.HEAD.name(), HttpMethod.POST.name())); + this.config.setAllowedHeaders(Arrays.asList(CrossOrigin.DEFAULT_ALLOWED_HEADERS)); + this.config.setAllowCredentials(CrossOrigin.DEFAULT_ALLOW_CREDENTIALS); + this.config.setMaxAge(CrossOrigin.DEFAULT_MAX_AGE); } public CorsRegistration allowedOrigins(String... origins) { diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java index 156ba34a82..1989025616 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java @@ -300,7 +300,7 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi updateCorsConfig(config, methodAnnotation); if (CollectionUtils.isEmpty(config.getAllowedOrigins())) { - config.setAllowedOrigins(Arrays.asList(CrossOrigin.DEFAULT_ORIGIN)); + config.setAllowedOrigins(Arrays.asList(CrossOrigin.DEFAULT_ORIGINS)); } if (CollectionUtils.isEmpty(config.getAllowedMethods())) { for (RequestMethod allowedMethod : mappingInfo.getMethodsCondition().getMethods()) {