How to release CORS to a particular address?

Asked

Viewed 2,249 times

2

I’m not getting the release CORS for http://localhost:8080, am using Spring Security.

I find the following error:

Xmlhttprequest cannot load http://localhost:9991/login. Response to preflight request doesn’t pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested Resource. Origin 'http://localhost:8080' is therefore not allowed access. The Response had HTTP status code 403.

My settings are these:

Websecurityconfig

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // disable caching
        http.headers().cacheControl();
        http.csrf().disable()
                // disable csrf for our requests.
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .cors()
                .and()
                .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers(HttpMethod.POST, "/login").permitAll()
                .antMatchers(HttpMethod.OPTIONS, "/login").permitAll()
                .antMatchers(HttpMethod.POST, "/api/users").permitAll()
                .antMatchers(HttpMethod.OPTIONS, "/api/users").permitAll()
                .anyRequest().authenticated()
                .and()
                // We filter the api/login requests
                .addFilterBefore(new JWTLoginFilter("/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class)
                // And filter other requests to check the presence of JWT in header
                .addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("http://localhost:8080"));
        configuration.setAllowedMethods(Arrays.asList("GET","POST","OPTIONS","PUT"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

Request

$http.post("http://localhost:9991/login", credentials)
     .then(
          function (response) {
              .log("Success");
      );
java spring spring-security cors

2 answers

4


I decided as follows.

@Bean
CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowCredentials(true);
        configuration.addAllowedOrigin("http://localhost:8080");
        configuration.addAllowedHeader("*");
        configuration.addAllowedMethod("*");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

  • solved, okay, congratulations!

0

Try adding headers to your app:

 $http.post("http://localhost:9991/login", credentials)
     .header("Access-Control-Allow-Origin", "*") // acesso total
     //.header("Access-Control-Allow-Origin", "http://localhost:9991")
     .header("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT")
  • 1

    I believe dealing with it on the server side is more viable, but still thank you.

  • Yes, I agree with you.

Browser other questions tagged java spring spring-security cors

You are not signed in. Login or sign up in order to post.