Skip to content

[ISSUE #410] Make CORS allowed origins configurable#414

Open
itxaiohanglover wants to merge 2 commits into
apache:masterfrom
itxaiohanglover:fix/cors-configurable-origins
Open

[ISSUE #410] Make CORS allowed origins configurable#414
itxaiohanglover wants to merge 2 commits into
apache:masterfrom
itxaiohanglover:fix/cors-configurable-origins

Conversation

@itxaiohanglover

Copy link
Copy Markdown

What is the purpose of the change

Fixes #410

The CORS allowed origin was hardcoded to http://localhost:3003 in SecurityConfig.java, making it impossible to deploy in production environments with different frontend domains.

Brief changelog

  • Added @Value("${rocketmq.config.corsAllowedOrigins:http://localhost:3003}") to make CORS origins configurable
  • Support comma-separated values for multiple origins
  • Added corsAllowedOrigins property to application.yml with documentation
  • Default value maintains backward compatibility

Verifying this change

Set rocketmq.config.corsAllowedOrigins in application.yml to verify different origins are accepted.

Replace hardcoded CORS origin (http://localhost:3003) with a configurable
property rocketmq.config.corsAllowedOrigins. Supports comma-separated
values for multiple origins. Defaults to http://localhost:3003 for
backward compatibility.
Document the new CORS configuration property with default value.
@itxaiohanglover itxaiohanglover force-pushed the fix/cors-configurable-origins branch from 65096af to 7c5a61f Compare July 6, 2026 05:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Invalid CORS request

1 participant