
How to Fix CORS Error in Spring Boot: Simple Steps

To fix a CORS error in Spring Boot, you need to allow cross-origin requests by configuring @CrossOrigin annotations or a global CorsConfiguration. This tells your backend which external domains can access its resources, preventing the browser from blocking requests.

Why This Happens

CORS errors happen because browsers block web pages from making requests to a different origin (scheme, host and port) than the one that served the page, which is why http://localhost:3000 and http://localhost:8080 count as different origins. This is a security feature called the Same-Origin Policy. If your Spring Boot backend does not explicitly allow requests from other origins, the browser will stop the request and show a CORS error.

java
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ApiController {

    @GetMapping("/data")
    public String getData() {
        return "Hello from backend";
    }
}
Output
Access to fetch at 'http://localhost:8080/data' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The Fix

You fix CORS errors by telling Spring Boot which origins are allowed to access your backend. You can do this by adding @CrossOrigin on your controller or method, or by defining a global CORS configuration bean. This adds the necessary headers so the browser allows the request.

java
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@CrossOrigin(origins = "http://localhost:3000")
public class ApiController {

    @GetMapping("/data")
    public String getData() {
        return "Hello from backend";
    }
}
Output
The frontend at http://localhost:3000 can successfully fetch data from http://localhost:8080/data without CORS errors.

Prevention

To avoid CORS errors in the future, always configure your backend to explicitly allow trusted origins. Use @CrossOrigin for simple cases or a global CorsConfiguration bean for complex setups. Avoid using * (allow all) in production for security reasons. Test your API with different clients early to catch CORS issues.


Related Errors

Other errors related to CORS include:

  • Preflight request failures: When the browser sends an OPTIONS request before the actual request and the server does not respond correctly.
  • Missing headers: If Access-Control-Allow-Methods or Access-Control-Allow-Headers are not set properly.
  • Credentials issues: When cookies or authorization headers are sent but Access-Control-Allow-Credentials is not enabled.
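
A global configuration of the kind mentioned under Prevention, which also sets the headers listed under Related Errors. This is an added example, not code from the original article; the class name, the `app.cors.allowed-origins` property and the chosen methods and headers are assumptions.

```java
import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class CorsConfig {

    // "app.cors.allowed-origins" is a hypothetical, comma-separated property.
    // It defaults to the frontend origin used in this article.
    @Bean
    public CorsFilter corsFilter(
            @Value("${app.cors.allowed-origins:http://localhost:3000}") String[] allowedOrigins) {

        List<String> origins = List.of(allowedOrigins);

        // Fail at startup instead of shipping a wildcard origin by accident.
        if (origins.contains("*")) {
            throw new IllegalStateException(
                    "Wildcard origin is not allowed; list the trusted origins explicitly");
        }

        CorsConfiguration config = new CorsConfiguration();
        // Access-Control-Allow-Origin: only the listed origins are echoed back.
        config.setAllowedOrigins(origins);
        // Access-Control-Allow-Methods: checked against the preflight request.
        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
        // Access-Control-Allow-Headers: request headers the frontend may send.
        config.setAllowedHeaders(List.of("Authorization", "Content-Type"));
        // Access-Control-Allow-Credentials: needed for cookies or auth headers.
        // Spring 5.3+ rejects this setting when the origin list contains "*".
        config.setAllowCredentials(true);
        // Access-Control-Max-Age: how long the browser may cache the preflight result.
        config.setMaxAge(3600L);

        // Apply the same policy to every path and answer OPTIONS preflights.
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}
```

With Spring Security in the application, CORS also has to be enabled in the security configuration, otherwise unauthenticated preflight requests can be rejected before the CORS headers are added.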

Key Takeaways

  • CORS errors happen because browsers block cross-origin requests without permission.
  • Use @CrossOrigin or a global CorsConfiguration bean in Spring Boot to allow trusted origins.
  • Avoid using wildcard '*' origins in production for security reasons.
  • Test your API with different frontend origins early to catch CORS issues.
  • Preflight OPTIONS requests must be handled correctly to avoid CORS failures.