Enable CORS for /health endpoint in Spring Boot Actuator

Jon Erickson picture Jon Erickson · May 6, 2016 · Viewed 10.3k times · Source

We want to enable Cors for all GET requests to the /health endpoint provided by spring boot actuator.

We tried adding the following bean without success

@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurerAdapter() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/health").allowedMethods("GET");
        }
    };
}

Answer

Andy Wilkinson picture Andy Wilkinson · May 6, 2016

There are a few properties that can be used to enable CORS for the actuator's endpoints. For example, to allow GET requests from example.com in Spring Boot 1.x:

endpoints.cors.allowed-origins=http://example.com
endpoints.cors.allowed-methods=GET

and for Spring Boot 2:

management.endpoints.web.cors.allowed-origins=http://example.com
management.endpoints.web.cors.allowed-methods=GET