By using Cross-Origin Resource Sharing (CORS) you can restrict access to resources to specific domains in a Spring Cloud Gateway instance.
A Spring Cloud Gateway service instance can be configured with its own CORS configuration by defining cors property block. To create a Gateway service instance that add allowed origin of "https://example.com", you might run:
$ cf cs p.gateway standard mygateway -c '{"cors": { "allowed-origins": [ "https://example.com" ] }'
You can configure the following parameters in the cors property block:
| Parameter | Function | Example |
allowed-origins |
Allowed origins to make cross-site requests. These values will be combined with the values in allowed-origin-patterns. | "allowed-origins": [ "https://example.com" ] |
allowed-origin-patterns |
Allowed origin patterns to make cross-site requests. These values will be combined with the values in allowed-origins. | "allowed-origin-patterns": [ "https://*.test.com:8080" ] |
allowed-methods |
Allowed HTTP methods on cross-site requests. | "allowed-methods": [ "GET", "PUT", "POST" ] |
allowed-headers |
Allowed headers in cross-site requests. | "allowed-headers": [ "X-Custom-Header" ] |
max-age |
How long, in seconds, the response from a pre-flight request can be cached by clients. | "max-age": 300 |
allow-credentials |
Whether user credentials are supported on cross-site requests. Valid values: `true`, `false`. | "allow-credentials": true |
exposed-headers |
HTTP response headers to expose for cross-site requests. | "exposed-headers": [ "X-Custom-Header" ] |
