46.3 CORS support
Cross-origin resource sharing (CORS) is a W3C specification that allows you to specify in a flexible way what kind of cross domain requests are authorized. Actuator’s MVC endpoints can be configured to support such scenarios.
CORS support is disabled by default and is only enabled once the endpoints.cors.allowed-origins property has been set. The configuration below permits GET and POST calls from the example.com domain:
endpoints.cors.allowed-origins=http://example.com endpoints.cors.allowed-methods=GET,POST
![[Tip]](Spring Boot Reference Guide_files/tip.png) |
Tip |
|---|---|
| Check EndpointCorsProperties for a complete list of options. |