CORS Origin Spring Boot Jhipster - pre-flight fail

2020-07-18 08:55发布

站内问答 / SpringBoot
491 3 6

I am using jhipster v2.27.2 I have enabled cors by uncommenting the lines in the application.yml

jhipster:
async:
    corePoolSize: 2
    maxPoolSize: 50
    queueCapacity: 10000

cors: #By default CORS are not enabled. Uncomment to enable.
    allowed-origins: "*"
    allowed-methods: GET, PUT, POST, DELETE, OPTIONS
    allowed-headers: "*"
    exposed-headers:
    allow-credentials: true
    max-age: 1800

In the "WebConfigurer"

@Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = props.getCors();
        if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) {
            source.registerCorsConfiguration("/api/**", config);
            source.registerCorsConfiguration("/v2/api-docs", config);
            source.registerCorsConfiguration("/oauth/**", config);
        }
        return new CorsFilter(source);
    }

But still when I request for the access token, I see this error

http://localhost:8080/oauth/token?username=admin&password=admin&grant_type=password&scope=read. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9090' is therefore not allowed access. The response had HTTP status code 401.

3条回答
劳资没心,怎么记你
2楼-- · 2020-07-18 09:04

Another option in the SecurityConfiguration.java. Instead of using antMatcher within the configure(HttpSecurity) override, is to add it within the configure(WebSecurity) override...

public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers(HttpMethod.OPTIONS, "/**")
查看更多
0人赞 添加讨论(0) 举报
我只想做你的唯一
3楼-- · 2020-07-18 09:05

sometimes this issue will come if you forget to register cors on specified URLs.In WebConfigurer look for corsFilter and and add these line 

 log.debug("Registering CORS filter");
        source.registerCorsConfiguration("/api/**", config);
查看更多
0人赞 添加讨论(0) 举报
▲ chillily
4楼-- · 2020-07-18 09:14

Looks like in the default SecurityConfiguration, its not skipping security check for OPTIONS.

Try adding the following antMatcher to the protected void configure(HttpSecurity http) method in SecurityConfiguration.java

.antMatchers(org.springframework.http.HttpMethod.OPTIONS, "/api/**").permitAll()
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)