Simple Quarkus Example With CORS

In this article, we will discuss how we can enable the CORS filter with Quarkus. This is very well described at Quarkus Documentation. As per the documentation:

Quarkus comes with a CORS filter which implements the javax.servlet.Filter interface and intercepts all incoming HTTP requests. It can be enabled in the Quarkus configuration file, src/main/resources/application.properties:

quarkus.http.cors=true

Once we enable this, all requests will be allowed to reach Quarkus service endpoint. I will just demonstrate this with an example which is available at my GitHub repository.

Here, two folders are important.

1. corsRequest/src: HTML (index.html) and JavaScript (app.js): This is a simple HTML which accesses the Quarkus endpoint via app.js.

2. quarkusCorsRestEasy: Quarkus simple resteasy endpoint. One can also create this application from https://code.quarkus.io/ - there is no need to select any extension. This is a basic example.

Let’s now execute the example:

1. Run Quarkus Service. Here, we have set "quarkus.http.cors=true" in application.properties.

xxxxxxxxxx

[chandrashekhar@localhost quarkusCorsRestEasy]$ ./mvnw compile quarkus:dev

__  ____  __  _____   ___  __ ____  ______ 

 --/ __ \/ / / / _ | / _ \/ //_/ / / / __/ 

 -/ /_/ / /_/ / __ |/ , _/ ,< / /_/ /\ \   

--\___\_\____/_/ |_/_/|_/_/|_|\____/___/   

2021-04-04 15:13:06,876 INFO  [io.quarkus] (Quarkus Main Thread) quarkuscors 1.0 on JVM (powered by Quarkus 1.13.0.Final) started in 2.505s. Listening on: http://localhost:8080

2021-04-04 15:13:06,897 INFO  [io.quarkus] (Quarkus Main Thread) Profile dev activated. Live Coding activated.

2021-04-04 15:13:06,897 INFO  [io.quarkus] (Quarkus Main Thread) Installed features: [cdi, kubernetes, resteasy]

2. In app.js, we just invoke the backend Quarkus service.

3. Open the browser to view index.html within corsRequest/src.

xxxxxxxxxx

[chandrashekhar@localhost quarkusCORS]$ cd corsRequest/src/

[chandrashekhar@localhost src]$ ls

app.js  index.html  style.css

[chandrashekhar@localhost src]$ firefox index.html

4. In the browser, we will find the text "Hello RESTEasy quarkus example". This matches GreetingResource.java, so all is well - the request from the browser is able to access Quarkus service.

5. Now, let’s set "quarkus.http.cors=false" in application.properties. Start the Quarkus service again.

x

[chandrashekhar@localhost quarkusCorsRestEasy]$ ./mvnw compile quarkus:dev

----

Listening for transport dt_socket at address: 5005

[INFO] Checking for existing resources in: /mnt/79fece0c-d480-4c54-8268-eaf9ce6ba53d/Development_SSD/GIT_REPO/POC/quarkusCORS/quarkusCorsRestEasy/src/main/kubernetes.

__  ____  __  _____   ___  __ ____  ______ 

 --/ __ \/ / / / _ | / _ \/ //_/ / / / __/ 

 -/ /_/ / /_/ / __ |/ , _/ ,< / /_/ /\ \   

--\___\_\____/_/ |_/_/|_/_/|_|\____/___/   

2021-04-04 15:29:16,557 INFO  [io.quarkus] (Quarkus Main Thread) quarkuscors 1.0 on JVM (powered by Quarkus 1.13.0.Final) started in 2.403s. Listening on: http://localhost:8080

2021-04-04 15:29:16,562 INFO  [io.quarkus] (Quarkus Main Thread) Profile dev activated. Live Coding activated.

2021-04-04 15:29:16,562 INFO  [io.quarkus] (Quarkus Main Thread) Installed features: [cdi, kubernetes, resteasy]

6. If we open index.html again from browser, we will find text "script execution" as response in Page. In the Console tab of browser's developer tool we will find errors like.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/hello-resteasy. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

That's it. I hope this POC will help you to test out CORS with Quarkus quickly. Also, setting "quarkus.http.cors=true" may not meet your requirement as it enables all requests to go through. Thus, you would need more quarkus CORS headers as described in the Quarkus Documentation to even have more control of request from which domains should access endpoint.