stackoom
  简体   繁体   中英

Response for preflight has invalid HTTP status code 401 - Spring

 原文  2016-11-01 23:11:15       java/ spring/ angular/ cors

Question

everyone. I'm new to Angular 2 and Spring Framework. I'm trying a simple get request with an authorization header (basic auth).

I'm using Spring Boot (1.2.6.RELEASE), which can also be relevant. My CORS configuration looks like this. 

@Component
public class SimpleCorsFilter implements Filter {

private final Logger log = LoggerFactory.getLogger(SimpleCorsFilter.class);

public SimpleCorsFilter() {
    log.info("SimpleCORSFilter init");
}

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me, authorization, x-auth-token");

    chain.doFilter(req, res);
}

@Override
public void init(FilterConfig filterConfig) {
}

@Override
public void destroy() {
}

}

And here's what it looks like from the client side 

    this.headers.append('Authorization', 'Basic dXNlcjphZG1pbg==');
    return this.http
            .get(`http://localhost:8080/api/login?username=${username}`, {headers : this.headers} )
            .map(response => response.json().data as any);
}

I keep getting:

XMLHttpRequest cannot load http://localhost:8080/api/login?username=user . Response for preflight has invalid HTTP status code 401

Please help, i don't know what i'm missing... I checked around a lot of posts already but couldn't get there...

4 answers

solution1
 8 ACCPTED  2016-11-02 07:30:03

avoid filtering and set status 200 when http method is OPTIONS 

if("OPTIONS".equalsIgnoreCase(request.getMethod())) {
    response.setStatus(HttpServletResponse.SC_OK);
} else {
    chain.doFilter(req, res);
}

solution2
 7  2018-03-15 05:12:41

This could be very late but this could solve some ones problem, after long hours i found the answer 

public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Override
    public void configure( WebSecurity web ) throws Exception
    {
        web.ignoring().antMatchers( HttpMethod.OPTIONS, "/**" );
    }
}

Refer https://stackoverflow.com/a/45830981/3724760

solution3
 5  2017-09-22 20:23:57

If there is anyone getting into the similar situation working around with Spring Boot, Spring Security and clients like angular 2/4, I've posted the findings here .

For those who are looking for a short answer, you have to configure two things:

  1. With Spring Boot, the recommended way to enable global CORS is to declare within Spring MVC and combined with fine-grained @CrossOrigin configuration as: 

     @Configuration public class CorsConfig { @Bean public WebMvcConfigurer corsConfigurer() { return new WebMvcConfigurerAdapter() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**").allowedMethods("GET", "POST", "PUT", "DELETE").allowedOrigins("*") .allowedHeaders("*"); } }; } }

  2. Then, while working with Spring Security, you have to enable CORS at Spring Security level as well to allow it to leverage the configuration defined at Spring MVC level as: 

     @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.cors().and()... } }

Cheers!!!

solution4
 -1  2018-02-09 02:24:24

Another option as in spring security guide:

in security config class which extends WebSecurityConfigurerAdapter configure cors() 

  protected void configure(HttpSecurity http) throws Exception {

                http
                        .cors().and().**this will use corsConfigurationSource by** default.


    so lets define corsConfigurationSource

    // other criteria
    }

**so lets define corsConfigurationSource**

@Bean CorsConfigurationSource corsConfigurationSource() { 

CorsConfiguration configuration = new CorsConfiguration(); 

configuration.setAllowedOrigins(Arrays.asList("http://myufrontend.com")); 

configuration.setAllowedMethods(Arrays.asList("GET", "POST")); 

UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();

source.registerCorsConfiguration("/**", configuration);





 }

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Response for preflight has invalid HTTP status code 401 for oauth/token Response for preflight has invalid HTTP status code: 401 angular Response for preflight has invalid HTTP status code 401 and i used cross origin plugin Extjs and Spring MVC XMLHttpRequest cannot load Response for preflight has invalid HTTP status code 403 Response for preflight has invalid HTTP status code 403 in angular 4 & spring boot (RestAPI) application Response for preflight has invalid HTTP status code 400 Angular 5: Response for preflight has invalid HTTP status code 403 Response for preflight does not have HTTP ok status. How to parse the response body in Java, when the HTTP request has return status 401 has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM