{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 闹够了就滚 的问题《Response for preflight has invalid HTTP status cod》','https://www.manongdao.com/q-98680.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
everyone. I'm new to Angular 2 and Spring Framework. I'm trying a simple get request with an authorization header (basic auth).
I'm using Spring Boot (1.2.6.RELEASE), which can also be relevant. My CORS configuration looks like this.
@Component
public class SimpleCorsFilter implements Filter {
private final Logger log = LoggerFactory.getLogger(SimpleCorsFilter.class);
public SimpleCorsFilter() {
log.info("SimpleCORSFilter init");
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me, authorization, x-auth-token");
chain.doFilter(req, res);
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
And here's what it looks like from the client side
this.headers.append('Authorization', 'Basic dXNlcjphZG1pbg==');
return this.http
.get(`http://localhost:8080/api/login?username=${username}`, {headers : this.headers} )
.map(response => response.json().data as any);
}
I keep getting:
XMLHttpRequest cannot load http://localhost:8080/api/login?username=user. Response for preflight has invalid HTTP status code 401
Please help, i don't know what i'm missing... I checked around a lot of posts already but couldn't get there...
avoid filtering and set status 200 when http method is OPTIONS
If there is anyone getting into the similar situation working around with Spring Boot, Spring Security and clients like angular 2/4, I've posted the findings here.
For those who are looking for a short answer, you have to configure two things:
With Spring Boot, the recommended way to enable global CORS is to declare within Spring MVC and combined with fine-grained
@CrossOriginconfiguration as:Then, while working with Spring Security, you have to enable CORS at Spring Security level as well to allow it to leverage the configuration defined at Spring MVC level as:
Cheers!!!
This could be very late but this could solve some ones problem, after long hours i found the answer
Refer https://stackoverflow.com/a/45830981/3724760
Another option as in spring security guide:
in security config class which extends WebSecurityConfigurerAdapter configure cors()