stackoom
  简体   繁体   中英

Reason: CORS header ‘Access-Control-Allow-Origin’ missing / Spring Boot

 原文  2020-10-11 00:47:19       java/ spring/ spring-boot/ spring-security

Question

I have a basic spring boot rest application and angular application. (Using JWT)

However, I can not make any request because of this error:(even I add "Access-Control-Allow-Origin", "*" to response header

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/api/login. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/api/login. (Reason: CORS request did not succeed).

Here is the security configuration:

public class AuthTokenFilter extends OncePerRequestFilter {
// ...
}

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
        // securedEnabled = true,
        // jsr250Enabled = true,
        prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors().and().csrf().disable()
                .authorizeRequests()
                .antMatchers(WebUrls.API.API + WebUrls.LOGIN.LOGIN,
                        WebUrls.API.API + WebUrls.LOGIN.REGISTER,
                        WebUrls.API.API + WebUrls.LOGIN.REFRESH_TOKEN)
                .permitAll()
                .anyRequest().authenticated();
        http.addFilterBefore(authJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}

Here is the place where I am adding cors headers:

@Component
public class MyCorsFilter implements Filter {

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
        response.setHeader("Access-Control-Allow-Headers", "*");
        filterChain.doFilter(servletRequest, servletResponse);
    }
}

1 answers

solution1
 2 ACCPTED  2020-10-11 09:01:41

Please try the below configuration to make this work. This enables CORS requests from any origin to any endpoint in the application.

@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
 
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**");
    }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring Boot: Cors policy missing 'access-control-allow-origin' Cross-Origin Request Blocked: (Reason: CORS header 'Access-Control-Allow-Origin' missing) Reason: CORS header ‘Access-Control-Allow-Origin’ missing even though explictly specificed in java resource No 'Access-Control-Allow-Origin' header is present (CORS) - Spring Boot (Spring security) Microservices + Vue.js CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource Spring Boot Rest API & VUE GAE(Spring Boot App) CORS check not returning Access-Control-Allow-Origin header CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource Spring Boot Rest API No Access-Control-Allow-Origin header Spring Boot 'Access-Control-Allow-Origin' with spring boot websocket gets blocked by CORS policy: No 'Access-Control-Allow-Origin' spring boot
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM