Consider @crossorigin(originPatterns = …).

RepositoryRestHandlerMapping's RepositoryCorsConfigurationAccessor now also evaluates @crossorigin's originPatterns into the CorsConfiguration.

Fixes #2077.

Author: odrotbohm

spring-data-rest-webmvc/src/main/java/org/springframework/data/rest/webmvc/RepositoryRestHandlerMapping.java

@@ -394,6 +394,10 @@ private void updateCorsConfig(CorsConfiguration config, CrossOrigin annotation)
 				config.addExposedHeader(resolveCorsAnnotationValue(header));
 			}
 
+			for (String originPattern : annotation.originPatterns()) {
+				config.addAllowedOriginPattern(originPattern);
+			}
+
 			String allowCredentials = resolveCorsAnnotationValue(annotation.allowCredentials());
 
 			if ("true".equalsIgnoreCase(allowCredentials)) {

spring-data-rest-webmvc/src/test/java/org/springframework/data/rest/webmvc/RepositoryCorsConfigurationAccessorUnitTests.java

@@ -70,7 +70,7 @@ void createConfigurationShouldConstructCorsConfiguration() {
 		assertThat(configuration.getMaxAge()).isEqualTo(1800L);
 	}
 
-	@Test // DATAREST-573
+	@Test // DATAREST-573, #2077
 	void createConfigurationShouldConstructFullCorsConfiguration() {
 
 		CorsConfiguration configuration = accessor.createConfiguration(FullyConfiguredCorsRepository.class);
@@ -84,6 +84,7 @@ void createConfigurationShouldConstructFullCorsConfiguration() {
 		assertThat(configuration.getAllowedMethods()).doesNotContain("DELETE");
 		assertThat(configuration.getAllowCredentials()).isTrue();
 		assertThat(configuration.getMaxAge()).isEqualTo(1234L);
+		assertThat(configuration.getAllowedOriginPatterns()).containsExactly("somePattern");
 	}
 
 	@Test // DATAREST-994
@@ -105,6 +106,7 @@ interface AnnotatedRepository {}
 			allowedHeaders = "Content-type", //
 			maxAge = 1234, exposedHeaders = "Accept", //
 			methods = RequestMethod.PATCH, //
-			allowCredentials = "true")
+			allowCredentials = "true", //
+			originPatterns = "somePattern")
 	interface FullyConfiguredCorsRepository {}
 }