You're reading from Modern API Development with Spring and Spring Boot Design highly scalable and maintainable APIs with REST, gRPC, GraphQL, and the reactive paradigm

Product type Paperback

Published in Jun 2021

Publisher Packt

ISBN-13 9781800562479

Length 582 pages

Edition 1st Edition

Languages

Java

Tools

GraphQL

Concepts

Design

Author (1):

Sourabh Sharma

View More author details

Table of Contents (21) Chapters

Preface

1. Section 1: RESTful Web Services

2. Chapter 1: RESTful Web Service Fundamentals FREE CHAPTER

3. Chapter 2: Spring Concepts and REST APIs

4. Chapter 3: API Specifications and Implementation

5. Chapter 4: Writing Business Logic for APIs

6. Chapter 5: Asynchronous API Design

7. Section 2: Security, UI, Testing, and Deployment

8. Chapter 6: Security (Authorization and Authentication)

9. Chapter 7: Designing a User Interface

10. Chapter 8: Testing APIs

11. Chapter 9: Deployment of Web Services

12. Section 3: gRPC, Logging, and Monitoring

13. Chapter 10: gRPC Fundamentals

14. Chapter 11: gRPC-based API Development and Testing

15. Chapter 12: Logging and Tracing

16. Section 4: GraphQL

17. Chapter 13: GraphQL Fundamentals

18. Chapter 14: GraphQL API Development and Testing

19. Assessments

20. Other Books You May Enjoy

Configuring CORS and CSRF

Browsers restrict cross-origin requests from scripts for security reasons. For example, a call from http://mydomain.com to http://mydomain-2.com can't be made using a script. Also, an origin not only indicates a domain—in fact, it includes a scheme and a port too.

Before hitting to any endpoint, the browser sends a preflight request using the HTTP method option to check whether the server would permit the actual request. This request contains the following headers:

Actual request's headers (Access-Control-Request-Headers)
A header containing the actual request's HTTP method (Access-Control-Request-Method)
A Origin header that contains the requesting origin (scheme, domain, and port)
If the response from the server is successful, then only the browser allows the actual request to fire. The server responds with other headers, such as Access-Control-Allow-Origin, which contains the allowed origins (an asterisk * value...