Access to XMLHttpRequest has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource

Questions OAuth/OIDC
1

Hey guys, I’m trying to create an API for my web app. When I send an API call from my frontend to my backend, a cors error occurs. How can the cors problem be solved? I’ve read a lot of threads, but I haven’t made any progress. I’m using Spring Boot + Okta + Angular.

SpringConfig.class

@Configuration
@EnableWebMvc
public class SpringConfig implements WebMvcConfigurer, Filter {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**");
    }

    @Bean
    public ModelMapper modelMapper() {
        return new ModelMapper();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        System.out.println("WebConfig; "+request.getRequestURI());
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With,observe");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Expose-Headers", "Authorization");
        response.addHeader("Access-Control-Expose-Headers", "responseType");
        response.addHeader("Access-Control-Expose-Headers", "observe");
        System.out.println("Request Method: "+request.getMethod());
        if (!(request.getMethod().equalsIgnoreCase("OPTIONS"))) {
            try {
                chain.doFilter(req, res);
            } catch(Exception e) {
                e.printStackTrace();
            }
        } else {
            System.out.println("Pre-flight");
            response.setHeader("Access-Control-Allow-Origin", "*");
            response.setHeader("Access-Control-Allow-Methods", "POST,GET,DELETE,PUT");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "Access-Control-Expose-Headers"+"Authorization, content-type," +
                    "USERID"+"ROLE"+
                    "access-control-request-headers,access-control-request-method,accept,origin,authorization,x-requested-with,responseType,observe");
            response.setStatus(HttpServletResponse.SC_OK);
        }

    }


}

SpringSecurityConfig.class

@EnableWebSecurity
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    	http
                .cors().and()
                .authorizeRequests().anyRequest().authenticated()
                .and().oauth2Client()
                .and().oauth2Login();
    }

}

UserController.class

@RestController
public class UserManagementRestController {
    ...
	@GetMapping("/user/does-exist")
	@ResponseBody
	@ResponseStatus(HttpStatus.OK)
	public boolean userExists(Principal principal) {
		return userServiceFacadeImpl.doesUserExist(principal.getName());
	}
    ...
}

Rest call from Angular

return this.httpClient.get('http://localhost:8080/user/' + 'does-exist').subscribe((v) => {
        this.logger.debug(this.LOGGER + 'val: ' + v);
      }, (err: HttpErrorResponse) => {
        this.logger.debug(this.LOGGER + 'err: ' + err.message);
      });

Error

Unbenannt
Unbenannt1900×2344 183 KB

2

Hi. I had the same issue: You can’t configure cors using auth with generic adress like *.:Try to set up a full url it should work.