Spring with CORS origins site not working
up vote
0
down vote
favorite
I'm using Spring 4.3.10.RELEASE and I have the current CORS configuration that I found in Spring security CORS Filter
@Bean
CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
If I use:
configuration.setAllowedOrigins(Collections.singletonList("*"));
I can do requests to my API from any site (as expected), but if I try to insert a site or two and request something from those sites, the "missing Access-Control-Allow-Origins" warning appears:
Pedido de origem cruzada bloqueado: A política da mesma origem não permite a leitura do recurso remoto em https://localhost:8241/foo/. (Motivo: cabeçalho CORS 'Access-Control-Allow-Origin' em falta).
TypeError: NetworkError when attempting to fetch resource.
Is it something missing for this case?
spring spring-security
asked Nov 22 at 15:23
Enorio
54
|
show 1 more comment
up vote
0
down vote
favorite
I'm using Spring 4.3.10.RELEASE and I have the current CORS configuration that I found in Spring security CORS Filter
@Bean
CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
If I use:
configuration.setAllowedOrigins(Collections.singletonList("*"));
I can do requests to my API from any site (as expected), but if I try to insert a site or two and request something from those sites, the "missing Access-Control-Allow-Origins" warning appears:
Pedido de origem cruzada bloqueado: A política da mesma origem não permite a leitura do recurso remoto em https://localhost:8241/foo/. (Motivo: cabeçalho CORS 'Access-Control-Allow-Origin' em falta).
TypeError: NetworkError when attempting to fetch resource.
Is it something missing for this case?
spring spring-security
asked Nov 22 at 15:23
Enorio
54
Show the exact text, it isn'thttps://google.com, right? Did you add the right protocol and the right port?
– dur
Nov 22 at 15:48
The comment is in PT, sorry.
– Enorio
Nov 22 at 16:35
What is the value you wrote in your configuration? Is it alsohttps://localhost:8241/foo/? However, it is very strange that you get/foo/, because it is not part of the host and should not part of the origin.
– dur
Nov 22 at 20:15
The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
– Enorio
Nov 23 at 9:27
What is the real value ofconfiguration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.
– dur
Nov 23 at 9:30
|
show 1 more comment
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm using Spring 4.3.10.RELEASE and I have the current CORS configuration that I found in Spring security CORS Filter
@Bean
CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
If I use:
configuration.setAllowedOrigins(Collections.singletonList("*"));
I can do requests to my API from any site (as expected), but if I try to insert a site or two and request something from those sites, the "missing Access-Control-Allow-Origins" warning appears:
Pedido de origem cruzada bloqueado: A política da mesma origem não permite a leitura do recurso remoto em https://localhost:8241/foo/. (Motivo: cabeçalho CORS 'Access-Control-Allow-Origin' em falta).
TypeError: NetworkError when attempting to fetch resource.
Is it something missing for this case?
spring spring-security
asked Nov 22 at 15:23
Enorio
54
I'm using Spring 4.3.10.RELEASE and I have the current CORS configuration that I found in Spring security CORS Filter
@Bean
CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
If I use:
configuration.setAllowedOrigins(Collections.singletonList("*"));
I can do requests to my API from any site (as expected), but if I try to insert a site or two and request something from those sites, the "missing Access-Control-Allow-Origins" warning appears:
Pedido de origem cruzada bloqueado: A política da mesma origem não permite a leitura do recurso remoto em https://localhost:8241/foo/. (Motivo: cabeçalho CORS 'Access-Control-Allow-Origin' em falta).
TypeError: NetworkError when attempting to fetch resource.
Is it something missing for this case?
spring spring-security
spring spring-security
asked Nov 22 at 15:23
Enorio
54
asked Nov 22 at 15:23
Enorio
54
edited Nov 22 at 16:34
asked Nov 22 at 15:23
Enorio
54
asked Nov 22 at 15:23
Enorio
54
asked Nov 22 at 15:23
Enorio
54
54
Show the exact text, it isn'thttps://google.com, right? Did you add the right protocol and the right port?
– dur
Nov 22 at 15:48
The comment is in PT, sorry.
– Enorio
Nov 22 at 16:35
What is the value you wrote in your configuration? Is it alsohttps://localhost:8241/foo/? However, it is very strange that you get/foo/, because it is not part of the host and should not part of the origin.
– dur
Nov 22 at 20:15
The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
– Enorio
Nov 23 at 9:27
What is the real value ofconfiguration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.
– dur
Nov 23 at 9:30
|
show 1 more comment
Show the exact text, it isn'thttps://google.com, right? Did you add the right protocol and the right port?
– dur
Nov 22 at 15:48
The comment is in PT, sorry.
– Enorio
Nov 22 at 16:35
What is the value you wrote in your configuration? Is it alsohttps://localhost:8241/foo/? However, it is very strange that you get/foo/, because it is not part of the host and should not part of the origin.
– dur
Nov 22 at 20:15
The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
– Enorio
Nov 23 at 9:27
What is the real value ofconfiguration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.
– dur
Nov 23 at 9:30
Show the exact text, it isn't
https://google.com, right? Did you add the right protocol and the right port?– dur
Nov 22 at 15:48
Show the exact text, it isn't
https://google.com, right? Did you add the right protocol and the right port?– dur
Nov 22 at 15:48
The comment is in PT, sorry.
– Enorio
Nov 22 at 16:35
The comment is in PT, sorry.
– Enorio
Nov 22 at 16:35
What is the value you wrote in your configuration? Is it also
https://localhost:8241/foo/? However, it is very strange that you get /foo/, because it is not part of the host and should not part of the origin.– dur
Nov 22 at 20:15
What is the value you wrote in your configuration? Is it also
https://localhost:8241/foo/? However, it is very strange that you get /foo/, because it is not part of the host and should not part of the origin.– dur
Nov 22 at 20:15
The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
– Enorio
Nov 23 at 9:27
The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
– Enorio
Nov 23 at 9:27
What is the real value of
configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.– dur
Nov 23 at 9:30
What is the real value of
configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.– dur
Nov 23 at 9:30
|
show 1 more comment
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53434059%2fspring-with-cors-origins-site-not-working%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Show the exact text, it isn't
https://google.com, right? Did you add the right protocol and the right port?– dur
Nov 22 at 15:48
The comment is in PT, sorry.
– Enorio
Nov 22 at 16:35
What is the value you wrote in your configuration? Is it also
https://localhost:8241/foo/? However, it is very strange that you get/foo/, because it is not part of the host and should not part of the origin.– dur
Nov 22 at 20:15
The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
– Enorio
Nov 23 at 9:27
What is the real value of
configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.– dur
Nov 23 at 9:30