I am experiencing this error.
XMLHttpRequest cannot load http://localhost:8080/oauth/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 401.
I have already added my cors filter.
@Component
public class CorsFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "origin,Content-Type, Accept, X-Requested-With, remember-me");
if(request.getHeader("request").equalsIgnoreCase("options")) {
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
}
chain.doFilter(req, res);
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
and may security config goes like this.
//Added Swagger to ignore lists
http.authorizeRequests()
.antMatchers(
"/swagger-ui.html",
"/webjars/springfox-swagger-ui/**",
"/configuration/ui",
"/oauth/token",
"/v2/**",
"/register",
"/swagger-resources",
"/clinic",
"/reindex",
"/rating/featured-rating",
"/doctor/*",
"/doctor/clinic/*",
"/doctor/profile/*",
"/clinic/profile/*",
"/**/*.html",
"/app/**",
"/assets/**",
"/fonts/*",
"/styles/images/*",
"/",
"/search-term",
"/search/detail",
"/location",
"/verify",
"/register",
"/doctor/register/request",
"/rating/create",
"/rating/has-like",
"/rating/like",
"/doctor/download/**",
"/clinic/download/**",
"/patient/references/*",
"/vanilla",
"/rating/featured-rating",
"/reset",
"/validate-pass",
"/change-pass",
"/save-pass",
"/users",
"/events/report").permitAll()
.anyRequest().authenticated()
.and().csrf().disable();
http.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
http.headers()
.xssProtection().and()
.cacheControl().and()
.httpStrictTransportSecurity().and()
.frameOptions();
And here's the screenshot of my error
What else did I miss?
EDIT
I have updated my cors config into the following
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Enumeration;
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");
request.getHeaderNames();
if(request.getMethod().equalsIgnoreCase("OPTIONS")) {
} else {
chain.doFilter(req, res);
}
//chain.doFilter(req, res);
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
However, the response is now like this
No response of authorization_token available which is needed for this application of the purpose of calling the /oauth/token
In accordance with this post you need two changes:
Make sure that the filter is loaded before the Spring Security filter by adding the @Ordered
annotation.
import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; @Component @Order(Ordered.HIGHEST_PRECEDENCE) class CorsFilter implements Filter {
You should break the filter chain for the OPTION request method.
if(request.getHeader("request").equalsIgnoreCase("options")) { // ... } else { chain.doFilter(req, res); }
In addition, I don't quite understand why you set the Access-Control-Allow-Origin
header inside that if statement since you do this before the condition.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.