Geek Answers Handbook

The requested resource does not have an Access-Control-Allow-Origin header. Ionic, AngularJS, Spring Boot 1.3

I am using Ionic and Spring Boot 1.3. Only after I upgraded to 1.3 do I get this problem ...

Apparently after upgrading to Spring Boot 1.3. CorsFilter is completely ignored. All this condemns me. So I looked at the NEW way, and this is what I got.

package app.config; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; @Configuration @EnableWebMvc public class WebConfig extends WebMvcConfigurerAdapter { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOrigins("http://192.168.1.66:8101") .allowCredentials(false) .maxAge(3600) .allowedHeaders("Accept", "Content-Type", "Origin", "Authorization", "X-Auth-Token") .exposedHeaders("X-Auth-Token", "Authorization") .allowedMethods("POST", "GET", "DELETE", "PUT", "OPTIONS"); } }

The above code snippet is invoked when the application loads. Unlike CorsFilter, which is executed every time there is a request. But by switching to Spring Boot 1.3, I can no longer get this in the network filter.

Again, the code loads, I set a breakpoint, and addCorsMapping is called every time so that the settings are executed. So ... why am I still getting this error

 XMLHttpRequest cannot load http://192.168.1.66:8080/login?username=billyjoe&password=happy. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.1.66:8101' is therefore not allowed access.

EDIT Below is my old CorsFilter. It doesn't work anymore since I upgraded to Spring Boot 1.3

 package app.config; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Component; @Component public class CorsFilter implements Filter { private final Logger log = LoggerFactory.getLogger(CorsFilter.class); public CorsFilter() { log.info("SimpleCORSFilter init"); } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String clientOrigin = request.getHeader("origin"); response.addHeader("Access-Control-Allow-Origin", clientOrigin); response.setHeader("Access-Control-Allow-Methods", "POST, GET, DELETE, PUT"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Accept, Content-Type, Origin, Authorization, X-Auth-Token"); response.addHeader("Access-Control-Expose-Headers", "X-Auth-Token"); if (request.getMethod().equals("OPTIONS")) { response.setStatus(HttpServletResponse.SC_OK); } else { chain.doFilter(request, response); } } @Override public void init(FilterConfig filterConfig) { } @Override public void destroy() { } }
+6
source share
3 answers

Figured it out. I use CustomToken Login and for some reason New configurations for version 1.3 and higher do not set the response using Access-Control-Allow-Origin when using user login authentication. So somewhere in my user input I had to add a response header.

 httpServletResponse.addHeader("Access-Control-Allow-Origin", "http://192.168.1.66:8080");

In older versions of Spring, CorsFilter is set to a filter, so it will set this every time a call is made. It seems that the new configurations work only when the controller is called correctly, but since the login is processed in filters, not the controller, the response body is never set. It authenticates the user Access-Control-Allow-Origin correctly

+5
source

You can try something like this. This works for me :.

 @Component public class SimpleCORSFilter implements Filter { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); chain.doFilter(req, res); } public void init(FilterConfig filterConfig) {} public void destroy() {} }
+6
source

In my open source project, I needed CORS support to upgrade to Spring 4.2. I used the filter as follows:

 @Component public class SimpleCORSFilter implements Filter { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); chain.doFilter(req, res); } public void init(FilterConfig filterConfig) {} public void destroy() {} }

as an alert to Crayfish. However, when I upgrade in spring-boot 1.3.3, I changed the configuration as shown below:

 @SpringBootApplication @Configuration @EnableEurekaClient @RibbonClients @EnableCircuitBreaker @EnableZuulProxy @EnableJpaRepositories(basePackages = "it.valeriovaudi.documentlibrary.repository") @EnableTransactionManagement @EnableRedisHttpSession @PropertySource("classpath:restBaseUrl.properties") @EnableAspectJAutoProxy(proxyTargetClass = true) // without this declaration the RestTemplate injection wil be fails becouse spring cloud proxied this class for load balance with netflix ribbon public class UserDocumentLibraryClientApplication { public static void main(String[] args) { SpringApplication.run(UserDocumentLibraryClientApplication.class, args); } @Bean public static PropertySourcesPlaceholderConfigurer placeholderConfigurerSupport() { return new PropertySourcesPlaceholderConfigurer(); } @Bean public EmbeddedServletContainerCustomizer exceptionHandling() { return container -> container.addErrorPages(new ErrorPage("/exception")); } @Bean public WebMvcConfigurer corsConfigurer() { return new WebMvcConfigurerAdapter() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**"); } }; } }

this is taken from the main configuration of my project, and such a configuration works well for me even in a complex distributed system with spring cloud's netflix api.

I hope this can help you.

+1
source

More articles:


All Articles