In this article, we will discuss how we can enable the CORS filter with Quarkus. This is very well described at Quarkus Documentation. As per the documentation:

Quarkus comes with a CORS filter which implements the javax.servlet.Filter interface and intercepts all incoming HTTP requests. It can be enabled in the Quarkus configuration file, src/main/resources/

Once we enable this, all requests will be allowed to reach Quarkus service endpoint. I will just demonstrate this with an example which is available at my GitHub repository.

Here, two folders are important.

1. corsRequest/src: HTML (index.html) and JavaScript (app.js): This is a simple HTML which accesses the Quarkus endpoint via app.js.

2. quarkusCorsRestEasy: Quarkus simple resteasy endpoint. One can also create this application from – there is no need to select any extension. This is a basic example.

Let’s now execute the example:

1. Run Quarkus Service. Here, we have set “quarkus.http.cors=true” in

2. In app.js, we just invoke the backend Quarkus service.

3. Open the browser to view index.html within corsRequest/src.

4. In the browser, we will find the text “Hello RESTEasy quarkus example”. This matches, so all is well – the request from the browser is able to access Quarkus service.

5. Now, let’s set “quarkus.http.cors=false” in Start the Quarkus service again.

6. If we open index.html again from browser, we will find text “script execution” as response in Page. In the Console tab of browser’s developer tool we will find errors like.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/hello-resteasy. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

That’s it. I hope this POC will help you to test out CORS with Quarkus quickly. Also, setting “quarkus.http.cors=true” may not meet your requirement as it enables all requests to go through. Thus, you would need more quarkus CORS headers as described in the Quarkus Documentation to even have more control of request from which domains should access endpoint.

Source link

Write A Comment