Allowed Origins

To allow any origin for a given configuration, don’t include the allowedOrigins key in your configuration.

For multiple valid origins, set the allowedOrigins key of the configuration to a list of strings. Each value can either be a static value ([http://www.foo.com](http://www.foo.com)) or a regular expression (^http(|s)://www\.google\.com$).

Regular expressions are passed to Pattern#compile and compared to the request origin with Matcher#matches.

Example CORS Configuration

  1. micronaut:
  2.   server:
  3.     cors:
  4.       enabled: true
  5.       configurations:
  6.         web:
  7.           allowedOrigins:
  8.             - http://foo.com
  9.             - ^http(|s):\/\/www\.google\.com$