CORS 策略：请求的资源 Spring Boot Rest API 上不存在“Access-Control-Allow-Origin”标头

Question

Hi Everyone, I am getting the error as shown in below error log details when an external client tries to consume my following api " http://host_details/processdocument " which is of type multipartformdata but other than this all other API works fine which are of type application/Json . So kindly guide me to find out the mistake I am doing in CORS config. The code and error details are as follows:

Error Log seen on browser: Access to XMLHttpRequest at ' http://host_details/processdocument ' from origin ' http://caller_host:4212 ' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I am using Spring Boot based application with following CORS Config:

1] CORS Config details:

@Component
public class SimpleCORSFilter implements Filter {

private final Logger log = LoggerFactory.getLogger(SimpleCORSFilter.class);

public SimpleCORSFilter() {
    log.info("SimpleCORSFilter init");
}

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    log.info(request.getHeader("Origin"));
    response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "36000");
    response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");

    chain.doFilter(req, res);
}

@Override
public void init(FilterConfig filterConfig) {
}

@Override
public void destroy() {
}

}

2] The Rest API Controller class:

@RequestMapping(value=URLConstants.PROCESS_FILE_FOR_OCR,method=RequestMethod.POST,headers = {"content-type=multipart/mixed","content-type=multipart/form-data"})
    private ResponseEntity<Map<String, Object>> processVisa(
            @RequestPart(value = "file",required=true)  MultipartFile file,
            @RequestPart(value = "applicationId",required=true) String applicationId,
            @RequestPart(value = "fileCategory",required=true) String fileCategory)
    {
        //// implemntation here

    }

3] Request Header found in Console of API:

Now Multipart
   Request URL: 
http://host_detailas/processdocument
Request Method: 
POST
Status Code: 
500 
Remote Address: 
Remote_address_Url:82
Referrer Policy: 
no-referrer-when-downgrade


Request Headers
Provisional headers are shown
Accept: 
application/json, text/plain, */*
Content-Type: 
multipart/form-data
Origin: 
http://localhost:4222
Referer: 
http://localhost:4222/
User-Agent: 
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/URL Safari/537.36
Request Payload
------WebKitFormBoundaryCljOAWzb4HGBWil4 Content-Disposition: form-data; name="file"; filename="aadharcard.jpg" Content-Type: image/jpeg ------WebKitFormBoundaryCljOAWzb4HGBWil4 Content-Disposition: form-data; name="EmiratesId" Passport ------WebKitFormBoundaryCljOAWzb4HGBWil4 Content-Disposition: form-data; name="applicationId" 123 ------WebKitFormBoundaryCljOAWzb4HGBWil4--
Name

processdocument

Answer 1

that is the cors option method problem. you need to grant access option method try this on security

public class CustomSecurity extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception { 

      http.csrf()
        .disable()
        .authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll() ....

}
}