Enable cross origin HTTP requests
Tip submitted by @tomcgn
You might want to use the out-of-the-box API to integrate your application into existing websites. One approach is to use Knockout to bind your entities and render them on, for example, your blog, with the data served from your JHipster application.
Two aspects need to be changed in the standard JHipster code in order to use the API from simple HTML/AJAX clients:
- Configure the SecurityConfiguration
- Tell the browsers of users who visit the third-party site using the API that your app permits the origin of that request.
Modify the SecurityConfiguration
In method SecurityConfiguration.configure(HttpSecurity http), add new directives as needed in the .and().authorizeRequests() part, e.g.:
.antMatchers("/api/_search/meetings/**").permitAll()
.antMatchers("/api/_search/meetings").permitAll()
Of course, you can use .hasAuthority() and .authenticated() to make your thin client a bit more dynamic.
Adapt the HTTP response headers
You need to add the following directives to the CsrfCookieGeneratorFilter, in method doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException:
response.addHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "86400"); // 24 Hours
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, x-auth-token");
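
A stricter alternative to the wildcard Access-Control-Allow-Origin value above, as an added example that is not part of the original tip or of JHipster's code: the Access-Control-* headers are only returned when the request's Origin exactly matches an allowlist entry. The class name CorsHeaderPolicy, the method corsHeadersFor, the ALLOWED_ORIGINS set and all sample origins are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class CorsHeaderPolicy {

    // Assumption: the third-party sites allowed to call the API (constructed values).
    static final Set<String> ALLOWED_ORIGINS =
        Set.of("https://blog.example.com", "https://www.example.org");

    /**
     * Returns the headers to set for a request carrying the given Origin value.
     * Only "Vary" is returned when the origin is missing or not on the allowlist.
     */
    static Map<String, String> corsHeadersFor(String origin) {
        Map<String, String> headers = new LinkedHashMap<>();
        // The response differs per origin, so caches must key on the Origin header.
        headers.put("Vary", "Origin");
        // Exact string match only: no prefix, suffix or regex matching. The literal
        // "null" origin (sandboxed iframes, file:// pages) is not on the list either.
        if (origin == null || !ALLOWED_ORIGINS.contains(origin)) {
            return headers; // no Access-Control-* headers: the browser blocks the read
        }
        headers.put("Access-Control-Allow-Origin", origin);
        // Same values as in the tip above.
        headers.put("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        headers.put("Access-Control-Max-Age", "86400"); // 24 hours
        headers.put("Access-Control-Allow-Headers",
            "Origin, X-Requested-With, Content-Type, Accept, x-auth-token");
        return headers;
    }

    public static void main(String[] args) {
        String[] sampleOrigins = { // constructed sample inputs
            "https://blog.example.com",               // allowed
            "https://blog.example.com.attacker.test", // lookalike, rejected
            "null",                                   // opaque origin, rejected
        };
        for (String origin : sampleOrigins) {
            System.out.println(origin + " -> " + corsHeadersFor(origin));
        }
    }
}
```

Inside doFilterInternal, the four header calls could then be replaced by corsHeadersFor(request.getHeader("Origin")).forEach(response::setHeader).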