Documentation

You are viewing the documentation for the 2.9.x release series. The latest stable release series is 3.0.x.

§Cross-Origin Resource Sharing

Play provides a filter that implements Cross-Origin Resource Sharing (CORS).

CORS is a protocol that allows web applications to make requests from the browser across different domains. A full specification can be found here.

§Enabling the CORS filter

To enable the CORS filter, add play.filters.cors.CORSFilter to application.conf:

play.filters.enabled += "play.filters.cors.CORSFilter"

§Configuring the CORS filter

The filter can be configured from application.conf. For a full listing of configuration options, see the Play filters reference.conf.

The available options include:

For example:

play.filters.cors {
  pathPrefixes = ["/some/path", ...]
  allowedOrigins = ["http://www.example.com", ...]
  allowedHttpMethods = ["GET", "POST"]
  allowedHttpHeaders = ["Accept"]
  preflightMaxAge = 3 days
}

Next: Configuring CSP


Found an error in this documentation? The source code for this page can be found here. After reading the documentation guidelines, please feel free to contribute a pull request. Have questions or advice to share? Go to our community forums to start a conversation with the community.