How to handle HTTP OPTIONS requests in Spring Boot 2 with webflux?
Question
I configured cors as following:
@Bean
WebFluxConfigurer corsConfigurer() {
return new WebFluxConfigurerComposite() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*")
.allowedMethods("*");
}
};
}
and my POST is like that:
@Bean
RouterFunction<ServerResponse> routes() {
return route(POST("/create")
.and(accept(APPLICATION_JSON))
.and(contentType(APPLICATION_JSON)), serverRequest
-> create(serverRequest);
}
anyway my angular application cannot make any request until I add OPTIONS route like this:
@Bean
RouterFunction<ServerResponse> routes() {
return route(POST("/create")
.and(accept(APPLICATION_JSON))
.and(contentType(APPLICATION_JSON)), serverRequest
-> create(serverRequest)
.andRoute(OPTIONS("/create"), serverRequest -> ServerResponse.ok().build());
}
Is that necessary? Is there any way to remove this OPTIONS handling?
4 answers
solution1
2 ACCPTED 2018-10-09 15:40:24
I don't think this is supported with WebFlux functional endpoints. The Spring Framework reference documentation points to the CorsWebFilter instead .
You can define a CorsWebFilter @Bean and configure it with a custom CorsConfiguration to achieve the same thing.
solution2
1 2018-10-09 14:01:01
OPTIONS requests are pre-flight requests in Cross-origin resource sharing (CORS) and they are required to making request across different origins.
This pre-flight request is made by some browsers as a safety measure to ensure that the request being done is trusted by the server that server understand method, origin and headers being sent on the request are safe.
this is how process works:
- client send request to server with OPTIONS
- if OPTIONS Request is OK then client send actual request to server.
you might also need to expose headers.
@Bean
WebFluxConfigurer corsConfigurer() {
return new WebFluxConfigurerComposite() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*")
.allowedMethods("*")
.exposedHeaders("*");
}
};
}
solution3
1 2018-10-09 14:05:10
It's depend on.
If your back end and front end build on the same server and using same port, there is no need to support OPTIONS.
If not, you must support OPTIONS, because it is used to identify which methods is allowed on your server to prevent/allow CORS (cross origin resource sharing).
All latest modern browser are implemented CORS by sending HTTP OPTIONS to check it. If your sever refuse or deny it, the browser will banned your request.
solution4
0 2019-12-22 10:26:22
I had the same issue with adding CORS by "addCorsMappings" (like you did) Seems like OPTIONS route isn't supported with the above config. only by this.
@Bean
CorsWebFilter corsFilter() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("http://domain1.com");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
return new CorsWebFilter(source);
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.