java spring security cross-origin-resource-policy

Can we use CrossOrigin * (wildcard) in production

what is the difference when you use a specific cross origin and when you put * ?

for example

@CrossOrigin(origins = localhost:8080) or 

@CrossOrigin(origins = "*")

does it have any security issue if it is * ?

Solution

The CrossOrigin was introduced to prevent background requests from untrusted websites.

Immagine the scenario:

You are browsing on: malicious.example.com
The website sends a background HTTP request to "DELETE http://facebook.com/my-account" to delete your account silently

You would be pretty mad if that could happen right?

That's the main reason for CORS. It prevents XHR request from non "trusted" origins. I'd encourage you to use CORS when you can to prevent such disasters to happen.

This is a simplified version, the server might also need to enable cookies and headers, and so for the Facebook DELETE to work, but... You got the idea

Java can't find symbol
Java application not recording from microphone when packaged using install4j
Using kafka-schema-registry-maven-plugin with parent and child schemas
How to add a "driver" to javax.comm? Serial port programming in Java
Java 6: Unsupported @SuppressWarnings("rawtypes") warning
java.lang.ClassCastException: java.util.LinkedHashMap cannot be cast to com.testing.models.Account
Connecting 2 java files in visual studio
Unnecessary warnings for Freemarker classes on native image execution
How do I increase the default timeout in the Cassandra Java driver using the DriverConfigLoader?
NetBeans IDE Java 1.4 compatibility: compiler not warning on JDK 5+ classes/methods
what is the need for importing libraries multiple times
Converting number to word
Spring Boot - Return an empty array of objects
Map implementation with duplicate keys
Do we have XSDs particularly for Spring 5.x?
Spring + Ehcache : How to cache find all result
Java 17+ Native-Image Logback
Kafka Best Practices + how to set recommended setting for JVM
Encode a codepoint
What causes "Unable to access jarfile" error?
Lombok getter/setter vs Java 14 record
Equivalent to DataJpaTest for Spring Data's ReactiveCrudRepository and R2DBC
"FATAL: remaining connection slots are reserved for non-replication superuser connections" triggers despite closing connections
How to load properties from application.properties with @ExtendWith(SpringExtension.class)
How to return N consecutive elements from a Collection?
%Like% Query in spring JpaRepository
Paging implimentation using Hibernate with Struts2
How to return values of only one parameter in GetMapping?
Page through an array
How can I create a memory leak in Java?