Cors plugin

CORS PluginGrails plugin to add Cross-Origin Resource Sharing (CORS) headers for Grails applications.These headers make it possible for Javascript code served from a different host to easily make calls to yourapplication. is not easy to do this in a Grails application due to the following bug: 3+This plugin does not work with Grails 3. To handle CORS in a Grails 3 project you can just create a servlet filtersomewhere under src/main/java:@Priority(Integer.MIN_VALUE)public class CorsFilter extends OncePerRequestFilter { public CorsFilter() { } @Override protected void doFilterInternal(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws ServletException, IOException { String origin = req.getHeader("Origin"); boolean options = "OPTIONS".equals(req.getMethod()); if (options) { if (origin == null) return; resp.addHeader("Access-Control-Allow-Headers", "origin, authorization, accept, content-type, x-requested-with"); resp.addHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS"); resp.addHeader("Access-Control-Max-Age", "3600"); } resp.addHeader("Access-Control-Allow-Origin", origin == null ? "*" : origin); resp.addHeader("Access-Control-Allow-Credentials", "true"); if (!options) chain.doFilter(req, resp); }}Reference the filter in grails-app/conf/spring/resources.groovy:beans = { corsFilter(CorsFilter)}UsingAdd a dependency to BuildConfig.groovy:plugins { runtime ":cors:1.3.0" ...}The default configuration installs a servlet filter that adds the following headers to all OPTIONS requests:Access-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: origin, authorization, accept, content-type, x-requested-withAccess-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONSAccess-Control-Max-Age: 3600">Access-Control-Allow-Origin: Access-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: origin, authorization, accept, content-type, x-requested-withAccess-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONSAccess-Control-Max-Age: 3600The 'Access-Control-Allow-Origin' and 'Access-Control-Allow-Credentials' headers are also added to non-OPTIONSrequests (GET, POST et al.). If the plugin is configured to produce an 'Access-Control-Expose-Headers' header,it will be added to non-OPTIONS requests as well.These headers permit Javascript code loaded from anywhere to make AJAX calls to your application including specifyingan 'Authorization' header (e.g. for Basic authentication). The browser will cache the results of the OPTIONS requestfor 1 hour (3600 seconds).ConfigurationThe CORS plugin is configured through Config.groovy.You can limit the URL patterns the filter is applied to:cors.url.pattern = '/rest/*'This parameter also accepts a list of patterns to match:cors.url.pattern = ['/service1/*', '/service2/*']Due to the 'Stringy' nature of external properties files, url patterns can be configured using a comma seperated string such as:cors.url.pattern = /api/*, /api-docs/*You can override the default values used for the headers by supplying a headers map:cors.headers = [ 'Access-Control-Allow-Origin': ' 'My-Custom-Header': 'some value']Due to the 'Stringy' nature of external properties files, headers can be configured using a single line 'string' map:cors.headers = ['Access-Control-Allow-Origin': ' 'some value']Note that if you want to specify more than one host for 'Access-Control-Allow-Origin' there are issues withbrowser support. The recommended approach is to check the 'Origin' header of the request and echo it backif you are happy

Or set it to '' to always send back '' insteadof the Origin header, useful if the result is cached by a CDN and the Origin varies).1.1.3:Fixed issue with getWebXmlFilterOrder not working in some circumstances (thanks Danilo Tuler)1.1.2:The CORS servlet filter now processes requests ahead of the resources filters (thanks Steve Loeppky)OPTIONS requests are no longer passed down the filter chain (thanks Marcus Krantz)1.1.1: Now works with Spring Security basic authentication (thanks James Hardwick)1.1.0:If 'Access-Control-Allow-Origin' is '' (the default) then the 'Origin' header is echoed back instead of ''. Thisis potentially a breaking change but is theoretically "more compliant" with the specNo CORS headers are sent back if the client does not supply an 'Origin' headerAdded 'Access-Control-Expose-Headers' option via 'cors.expose.headers' Config.groovy settingAdded 'cors.enabled' Config.groovy setting to explicitly enable/disabled the filter (filter is enabled by default)1.0.4: Added Access-Control-Allow-Credentials: true1.0.3: Bumped version no. to workaround plugin publishing issue1.0.2: Added Access-Control-Allow-Methods header to OPTIONS request1.0.1: Added Content-Type to default Access-Control-Allow-Headers

Header.CORS Unblock4.6(8)Temporarily unblock CORS for development and testing purposesYoutube skip ads and more0.0(0)Enhance the Youtube experience by removing the irritating content and automate skip of AdvertisementsCross Domain - CORS4.0(68)Cross Domain will help you to deal with cross domain - CORS problem. This is tool helpful when face with cross domain issue.Anti-CORS, anti-CSP5.0(4)Enable cross origin requests blocked by CORS or CSP. Disable CORS and CSP in selected hostnames, preserve security of other websitesAuto Ad Skipper For YouTube (AASFY)0.0(0)Automatically skips YouTube ads for a seamless viewing experience. Not an Ad Blocker. No setup/registration/login required.CORS Unblock4.2(167)No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabledPopup & Ads Blocker5.0(1)Block all popups and Block Google AdsCORS Unblocker5.0(1)Temporarily bypass CORS restrictions to streamline development and testing workflows.CORS Unblock0.0(0)Unblocks CORS restrictions on websites.YouTube Ad Blocker & Speed Control0.0(0)Block ads on YouTube and control the playback speed for a better viewing experience.