Spring with CORS origins site not working











up vote
0
down vote

favorite












I'm using Spring 4.3.10.RELEASE and I have the current CORS configuration that I found in Spring security CORS Filter



@Bean
CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}


If I use:



configuration.setAllowedOrigins(Collections.singletonList("*"));


I can do requests to my API from any site (as expected), but if I try to insert a site or two and request something from those sites, the "missing Access-Control-Allow-Origins" warning appears:




Pedido de origem cruzada bloqueado: A política da mesma origem não permite a leitura do recurso remoto em https://localhost:8241/foo/. (Motivo: cabeçalho CORS 'Access-Control-Allow-Origin' em falta).



TypeError: NetworkError when attempting to fetch resource.




Is it something missing for this case?










share|improve this question
























  • Show the exact text, it isn't https://google.com, right? Did you add the right protocol and the right port?
    – dur
    Nov 22 at 15:48












  • The comment is in PT, sorry.
    – Enorio
    Nov 22 at 16:35










  • What is the value you wrote in your configuration? Is it also https://localhost:8241/foo/? However, it is very strange that you get /foo/, because it is not part of the host and should not part of the origin.
    – dur
    Nov 22 at 20:15










  • The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
    – Enorio
    Nov 23 at 9:27










  • What is the real value of configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.
    – dur
    Nov 23 at 9:30















up vote
0
down vote

favorite












I'm using Spring 4.3.10.RELEASE and I have the current CORS configuration that I found in Spring security CORS Filter



@Bean
CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}


If I use:



configuration.setAllowedOrigins(Collections.singletonList("*"));


I can do requests to my API from any site (as expected), but if I try to insert a site or two and request something from those sites, the "missing Access-Control-Allow-Origins" warning appears:




Pedido de origem cruzada bloqueado: A política da mesma origem não permite a leitura do recurso remoto em https://localhost:8241/foo/. (Motivo: cabeçalho CORS 'Access-Control-Allow-Origin' em falta).



TypeError: NetworkError when attempting to fetch resource.




Is it something missing for this case?










share|improve this question
























  • Show the exact text, it isn't https://google.com, right? Did you add the right protocol and the right port?
    – dur
    Nov 22 at 15:48












  • The comment is in PT, sorry.
    – Enorio
    Nov 22 at 16:35










  • What is the value you wrote in your configuration? Is it also https://localhost:8241/foo/? However, it is very strange that you get /foo/, because it is not part of the host and should not part of the origin.
    – dur
    Nov 22 at 20:15










  • The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
    – Enorio
    Nov 23 at 9:27










  • What is the real value of configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.
    – dur
    Nov 23 at 9:30













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I'm using Spring 4.3.10.RELEASE and I have the current CORS configuration that I found in Spring security CORS Filter



@Bean
CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}


If I use:



configuration.setAllowedOrigins(Collections.singletonList("*"));


I can do requests to my API from any site (as expected), but if I try to insert a site or two and request something from those sites, the "missing Access-Control-Allow-Origins" warning appears:




Pedido de origem cruzada bloqueado: A política da mesma origem não permite a leitura do recurso remoto em https://localhost:8241/foo/. (Motivo: cabeçalho CORS 'Access-Control-Allow-Origin' em falta).



TypeError: NetworkError when attempting to fetch resource.




Is it something missing for this case?










share|improve this question















I'm using Spring 4.3.10.RELEASE and I have the current CORS configuration that I found in Spring security CORS Filter



@Bean
CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}


If I use:



configuration.setAllowedOrigins(Collections.singletonList("*"));


I can do requests to my API from any site (as expected), but if I try to insert a site or two and request something from those sites, the "missing Access-Control-Allow-Origins" warning appears:




Pedido de origem cruzada bloqueado: A política da mesma origem não permite a leitura do recurso remoto em https://localhost:8241/foo/. (Motivo: cabeçalho CORS 'Access-Control-Allow-Origin' em falta).



TypeError: NetworkError when attempting to fetch resource.




Is it something missing for this case?







spring spring-security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 22 at 16:34

























asked Nov 22 at 15:23









Enorio

54




54












  • Show the exact text, it isn't https://google.com, right? Did you add the right protocol and the right port?
    – dur
    Nov 22 at 15:48












  • The comment is in PT, sorry.
    – Enorio
    Nov 22 at 16:35










  • What is the value you wrote in your configuration? Is it also https://localhost:8241/foo/? However, it is very strange that you get /foo/, because it is not part of the host and should not part of the origin.
    – dur
    Nov 22 at 20:15










  • The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
    – Enorio
    Nov 23 at 9:27










  • What is the real value of configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.
    – dur
    Nov 23 at 9:30


















  • Show the exact text, it isn't https://google.com, right? Did you add the right protocol and the right port?
    – dur
    Nov 22 at 15:48












  • The comment is in PT, sorry.
    – Enorio
    Nov 22 at 16:35










  • What is the value you wrote in your configuration? Is it also https://localhost:8241/foo/? However, it is very strange that you get /foo/, because it is not part of the host and should not part of the origin.
    – dur
    Nov 22 at 20:15










  • The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
    – Enorio
    Nov 23 at 9:27










  • What is the real value of configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.
    – dur
    Nov 23 at 9:30
















Show the exact text, it isn't https://google.com, right? Did you add the right protocol and the right port?
– dur
Nov 22 at 15:48






Show the exact text, it isn't https://google.com, right? Did you add the right protocol and the right port?
– dur
Nov 22 at 15:48














The comment is in PT, sorry.
– Enorio
Nov 22 at 16:35




The comment is in PT, sorry.
– Enorio
Nov 22 at 16:35












What is the value you wrote in your configuration? Is it also https://localhost:8241/foo/? However, it is very strange that you get /foo/, because it is not part of the host and should not part of the origin.
– dur
Nov 22 at 20:15




What is the value you wrote in your configuration? Is it also https://localhost:8241/foo/? However, it is very strange that you get /foo/, because it is not part of the host and should not part of the origin.
– dur
Nov 22 at 20:15












The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
– Enorio
Nov 23 at 9:27




The localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too?
– Enorio
Nov 23 at 9:27












What is the real value of configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.
– dur
Nov 23 at 9:30




What is the real value of configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));It should match your server host.
– dur
Nov 23 at 9:30

















active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53434059%2fspring-with-cors-origins-site-not-working%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown






























active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53434059%2fspring-with-cors-origins-site-not-working%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

What visual should I use to simply compare current year value vs last year in Power BI desktop

How to ignore python UserWarning in pytest?

Alexandru Averescu