Configuring the Spring Management Endpoint
The CORS options for the Spring Management Endpoint (including the health endpoint) can be configured in application.properties with the following attributes (see https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints.cors):
Allowed Origins:
Comma-separated list of origins to allow. When no allowed origin patterns or allowed origins are set, CORS support is disabled. It supports ‘*’ as a wildcard.

    management.endpoints.web.cors.allowed-origins=https://example.com,http://localhost:8080
Allowed Origin Patterns:
Comma-separated list of origin patterns to allow. Unlike allowed origins, which only supports ‘*’, origin patterns are more flexible (for example ‘https://*.example.com’) and can be used when credentials are allowed. When no allowed origin patterns or allowed origins are set, CORS support is disabled.

    management.endpoints.web.cors.allowed-origin-patterns=https://*.example.com
Allowed Methods:
Comma-separated list of methods to allow. ‘*’ allows all methods. When not set, defaults to GET.

    management.endpoints.web.cors.allowed-methods=GET,POST,PUT,DELETE,OPTIONS
Allowed Headers:
Comma-separated list of headers to allow in a request. ‘*’ allows all headers.

    management.endpoints.web.cors.allowed-headers=*
Exposed Headers:
Comma-separated list of headers to include in a response.

    management.endpoints.web.cors.exposed-headers=*
Allow Credentials:
Boolean, whether credentials are supported. When not set, credentials are not supported.

    management.endpoints.web.cors.allow-credentials=true
Max Age:
Number, how long in seconds the response from a pre-flight request can be cached by clients.

    management.endpoints.web.cors.max-age=3600
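
The properties above interact, and some combinations are either over-permissive or silently ineffective. The following is an added example, not part of the original page or of Spring: a small Python check that reads the management CORS keys from an application.properties file and reports such combinations. The finding names and the two sample files are constructed for illustration.

```python
from urllib.parse import urlsplit
PREFIX = "management.endpoints.web.cors."

# Constructed sample files (not taken from any real deployment).
WEAK = """\
management.endpoints.web.cors.allowed-origin-patterns=*
management.endpoints.web.cors.allowed-origins=http://intranet.example.com,https://example.com/app
management.endpoints.web.cors.exposed-headers=*
management.endpoints.web.cors.allow-credentials=true
"""
HARDENED = """\
management.endpoints.web.cors.allowed-origins=https://admin.example.com
management.endpoints.web.cors.allowed-methods=GET
management.endpoints.web.cors.allow-credentials=false
"""

def parse_cors(text):
    """Return {short key: [values]} for the management CORS properties."""
    props = {}
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition("="))
        if sep and key.startswith(PREFIX):
            props[key[len(PREFIX):]] = [v.strip() for v in value.split(",") if v.strip()]
    return props

def audit(text):
    """Return sorted finding codes (hypothetical names) for risky or ineffective settings."""
    p = parse_cors(text)
    origins = p.get("allowed-origins", [])
    patterns = p.get("allowed-origin-patterns", [])
    creds = "true" in [v.lower() for v in p.get("allow-credentials", [])]
    found = set()
    if "*" in origins:
        # Browsers refuse "Access-Control-Allow-Origin: *" on credentialed requests.
        found.add("WILDCARD_ORIGIN_WITH_CREDENTIALS" if creds else "ANY_ORIGIN")
    if "*" in patterns:
        # A pattern of * matches every origin; with credentials any site is allowed.
        found.add("ANY_ORIGIN_WITH_CREDENTIALS" if creds else "ANY_ORIGIN")
    if creds and "*" in p.get("exposed-headers", []):
        # Browsers read "*" as a literal header name on credentialed requests.
        found.add("EXPOSED_WILDCARD_IGNORED")
    for origin in (o for o in origins if o != "*"):
        parts = urlsplit(origin)
        if parts.path not in ("", "/"):
            # An Origin header is scheme://host[:port]; an entry with a path never matches.
            found.add("ORIGIN_HAS_PATH")
        if parts.scheme == "http" and parts.hostname not in ("localhost", "127.0.0.1"):
            found.add("CLEARTEXT_ORIGIN")
    return sorted(found)
```

Calling `audit()` on the text of a real application.properties returns an empty list when none of these conditions apply.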