Enabling cross origin for microservices interactions

Browsers are generally restricted when client-side web applications running from one origin request data from another origin. Enabling cross origin access is generally termed as CORS (Cross Origin Resource Sharing).

This is particularly important when dealing with microservices, such as when the microservices run on separate domains, and the browser tries to access these microservices from one browser after another:

The preceding example showcases how to enable cross origin requests. With microservices, since each service runs with its own origin, it will easily get into the issue of a client-side web application, which consumes data from multiple origins. For instance, a scenario where a browser client accesses customers from the customer microservice, and order history from the order microservices is very common in microservices world.

Spring Boot provides a simple declarative approach for enabling cross origin requests.

The following code example shows how to use a microservice to enable cross origin:

    @RestController
    class GreetingController{
      @CrossOrigin
      @RequestMapping("/")
      Greet greet(){
        return new Greet("Hello World!");
      }
    }

By default, all origins and headers are accepted. We can further customize the cross origin annotations by giving access to a specific origin as follows. The @CrossOrigin annotation enables a method or a class to accept cross origin requests:

    @CrossOrigin("http://mytrustedorigin.com")

Global CORS could be enabled by using the WebMvcConfigurer bean, and customizing the addCorsMappings (CorsRegistry registry) method.