Sunday, January 16, 2022

CORS header ‘Access-Control-Allow-Origin’ missing with Spring Data REST

January 16, 2022 cors, kotlin, spring-boot, spring-data-rest No comments

Issue

I'm trying to solve a CORS issue with spring data rest but seems like the CORS headers are not attached. This is the config I have:

@Component
class DataRestConfig: RepositoryRestConfigurer {
    override fun configureRepositoryRestConfiguration(config: RepositoryRestConfiguration?, cors: CorsRegistry?) {
        cors?.addMapping("/*")
           ?.allowedOrigins("*")
           ?.allowedMethods("GET", "PUT", "DELETE","PATCH","POST","OPTIONS")
     }
}

I also had the same issue with other API routes that are out of spring data rest. Here is my WebSecurityConfigurerAdapter

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
open class WebSecurityConfig(private val userDetailsServices: DatabaseUserDetailsServices, private val jwtService: JWTService): WebSecurityConfigurerAdapter() {

    @Value("\${auth.jwt.secret}")
    private var secret: String = ""

    override fun configure(http: HttpSecurity) {
        http
            .cors().and()
            .csrf().disable()
            .addFilterAfter(JWTAuthorizationFilter(userDetailsServices, secret, jwtService),UsernamePasswordAuthenticationFilter::class.java)
            .authorizeRequests()
            .antMatchers(HttpMethod.POST,UserController.LOGIN_URL).permitAll()
            .antMatchers(HttpMethod.OPTIONS,"/**").permitAll()
            .anyRequest().authenticated()
    }
}

Edit:

Added the full WebSecurityConfigurerAdapter
I noticed that the OPTIONS request gets 403 this is why I've added the antMatchers for OPTIONS method but it did not help.
Here are the response and request headers. There is no response body:

Solution

I don't know why the other configs are not taken into account and I don't know if this is considered a good solution but since I only need this on the local environment it is not that important. This is how I got this working:

@Bean
@Profile("local")
open fun corsConfigurationSource(): CorsConfigurationSource{
    val cors = UrlBasedCorsConfigurationSource()
    val config = CorsConfiguration().applyPermitDefaultValues()

    config.addAllowedMethod(HttpMethod.OPTIONS)
    config.addAllowedMethod(HttpMethod.POST)
    config.addAllowedMethod(HttpMethod.PATCH)
    config.addAllowedMethod(HttpMethod.DELETE)

    cors.registerCorsConfiguration("/**", config)

    return cors
}

Answered By - Chrys

This Answer collected from stackoverflow and tested by AndroidBugFix community admins, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Sunday, January 16, 2022

CORS header ‘Access-Control-Allow-Origin’ missing with Spring Data REST

Issue

Solution

0 comments:

Post a Comment

Popular Posts

Labels