We use Java Spring to create a holiday api. And we use angularjs for the interface. The remaining api are in one domain, and the corner ones are in another domain. Initially, when I tried to execute the "POST" request from angular to the rest of the api, it gave a CORS error. Then we solved this problem by setting the CORS filter to the backend. But when we tried to fulfill the request for receipt, it throws a 401 unauthorized error. This is because our request is for a non-simple-request because the request has a content type because the application / json and the headers have authorization (because we use basic authentication). Therefore, the browser sends a request before requesting “OPTIONS” before sending a request to “GET”. And therefore, error 401 is chosen to query for “OPTIONS” using Spring Security by intercepting the URL. And this is because the “OPTIONS” request does not have any credentials. Therefore, to overcome this problem, we placed the = "GET" method in the capture URL in spring -security.xml. This fixed the problem. But is it really good practice to specify the method in the interception url? And also the process that we are following is good practice?
spring angularjs spring-security cors
MohanRaj Balumuri
source share