You are here

Feed aggregator

Answer by Hendy Irawan for CORS issue - No 'Access-Control-Allow-Origin' header is present on the requested resource

Hendy Irawan on Stack Overflow - Sat, 04/22/2017 - 19:51

Since Spring Security 4.1, this is the proper way to make Spring Security support CORS (also needed in Spring Boot 1.4/1.5):

@Configuration public class WebConfig extends WebMvcConfigurerAdapter { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH"); } }

and:

@Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // http.csrf().disable(); http.cors(); } @Bean public CorsConfigurationSource corsConfigurationSource() { final CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(ImmutableList.of("*")); configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH")); // setAllowCredentials(true) is important, otherwise: // The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. configuration.setAllowCredentials(true); // setAllowedHeaders is important! Without it, OPTIONS preflight request // will fail with 403 Invalid CORS request configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type")); final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); return source; } }

Do not do any of below, which are the wrong way to attempt solving the problem:

  • http.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
  • web.ignoring().antMatchers(HttpMethod.OPTIONS);

Reference: http://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/cors.html

Categories: Open Source Projects

Comment by Hendy Irawan on CORS issue - No 'Access-Control-Allow-Origin' header is present on the requested resource

Hendy Irawan on Stack Overflow - Sat, 04/22/2017 - 19:38
.andMatchers(HttpMethod.OPTIONS, "/**").permitAll() never worked for me, it didn't give the proper CORS headers on OPTIONS. Only the Spring Security-approved CORS technique works.
Categories: Open Source Projects

Answer by Hendy Irawan for Spring security CORS Filter

Hendy Irawan on Stack Overflow - Sat, 04/22/2017 - 19:35

Since Spring Security 4.1, this is the proper way to make Spring Security support CORS (also needed in Spring Boot 1.4/1.5):

@Configuration public class WebConfig extends WebMvcConfigurerAdapter { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH"); } }

and:

@Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // http.csrf().disable(); http.cors(); } @Bean public CorsConfigurationSource corsConfigurationSource() { final CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(ImmutableList.of("*")); configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH")); final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); return source; } }

Do not do any of below, which are the wrong way to attempt solving the problem:

  • http.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
  • web.ignoring().antMatchers(HttpMethod.OPTIONS);

Reference: http://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/cors.html

Categories: Open Source Projects

Answer by Hendy Irawan for Cross-Origin Resource Sharing with Spring Security

Hendy Irawan on Stack Overflow - Sat, 04/22/2017 - 19:34

Since Spring Security 4.1, this is the proper way to make Spring Security support CORS (also needed in Spring Boot 1.4/1.5):

@Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // http.csrf().disable(); http.cors(); } @Bean public CorsConfigurationSource corsConfigurationSource() { final CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(ImmutableList.of("*")); configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH")); final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); return source; } }

Do not do any of below, which are the wrong way to attempt solving the problem:

  • http.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
  • web.ignoring().antMatchers(HttpMethod.OPTIONS);

Reference: http://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/cors.html

Categories: Open Source Projects

ceefour commented on issue davidtinker/grails-cors#12

ceefour on GitHub - Sat, 04/22/2017 - 19:31
Apr 22, 2017 ceefour commented on issue davidtinker/grails-cors#12

Since Spring Security 4.1, this is the proper way to make Spring Security support CORS (also needed in Spring Boot 1.4/1.5): @Configuration public …

Categories: Open Source Projects

ceefour commented on issue spring-projects/spring-boot#5834

ceefour on GitHub - Sat, 04/22/2017 - 19:31
Apr 22, 2017 ceefour commented on issue spring-projects/spring-boot#5834

Since Spring Security 4.1, this is the proper way to make Spring Security support CORS (also needed in Spring Boot 1.4/1.5): @Configuration public …

Categories: Open Source Projects

Comment by Hendy Irawan on Not getting CORS Headers with Spring Boot 1.4

Hendy Irawan on Stack Overflow - Sat, 04/22/2017 - 19:04
@xenoterracide Your curl is different on two things: the addition of header and changing method to GET. You should still use -XOPTIONS, does it work ?
Categories: Open Source Projects

ceefour commented on issue spring-projects/spring-boot#6566

ceefour on GitHub - Sat, 04/22/2017 - 19:01
Apr 22, 2017 ceefour commented on issue spring-projects/spring-boot#6566

@xenoterracide Did you solve the problem? I have the same issue with Spring Boot 1.4.3 (with Security enabled). Access-Control-Allow-Origin is work…

Categories: Open Source Projects

ceefour pushed to master at ceefour/jobshop-web

ceefour on GitHub - Mon, 04/10/2017 - 18:50
Apr 10, 2017 ceefour pushed to master at ceefour/jobshop-web
Categories: Open Source Projects

ceefour pushed to master at ceefour/jobshop-web

ceefour on GitHub - Mon, 04/10/2017 - 18:48
Apr 10, 2017 ceefour pushed to master at ceefour/jobshop-web
Categories: Open Source Projects

ceefour pushed to master at ceefour/jobshop-web

ceefour on GitHub - Mon, 04/10/2017 - 18:42
Apr 10, 2017 ceefour pushed to master at ceefour/jobshop-web
Categories: Open Source Projects

ceefour pushed to master at ceefour/jobshop-web

ceefour on GitHub - Mon, 04/10/2017 - 18:40
Apr 10, 2017 ceefour pushed to master at ceefour/jobshop-web
Categories: Open Source Projects

ceefour pushed to master at ceefour/jobshop-web

ceefour on GitHub - Mon, 04/10/2017 - 18:36
Apr 10, 2017 ceefour pushed to master at ceefour/jobshop-web
Categories: Open Source Projects

ceefour pushed to master at ceefour/jobshop-web

ceefour on GitHub - Mon, 04/10/2017 - 18:30
Apr 10, 2017 ceefour pushed to master at ceefour/jobshop-web
Categories: Open Source Projects

ceefour pushed to master at ceefour/jobshop-web

ceefour on GitHub - Mon, 04/10/2017 - 18:25
Apr 10, 2017 ceefour pushed to master at ceefour/jobshop-web
Categories: Open Source Projects

Pages