Allowed Origins

To allow any origin for a given configuration, simply don’t include the allowedOrigins key in your configuration.

To specify a list of valid origins, set the allowedOrigins key of the configuration to a list of strings. Each value can either be a static value ([http://www.foo.com](http://www.foo.com)) or a regular expression (^http(|s)://www\.google\.com$).

Any regular expressions are passed to Pattern#compile and compared to the request origin with Matcher#matches.

Example CORS Configuration

  1. micronaut:
  2.     server:
  3.         cors:
  4.             enabled: true
  5.             configurations:
  6.                 web:
  7.                     allowedOrigins:
  8.                         - http://foo.com
  9.                         - ^http(|s):\/\/www\.google\.com$