Hey guys, I’m trying to create an API for my web app. When I send an API call from my frontend to my backend, a cors error occurs. How can the cors problem be solved? I’ve read a lot of threads, but I haven’t made any progress. I’m using Spring Boot + Okta + Angular.
SpringConfig.class
@Configuration
@EnableWebMvc
public class SpringConfig implements WebMvcConfigurer, Filter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
@Bean
public ModelMapper modelMapper() {
return new ModelMapper();
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
System.out.println("WebConfig; "+request.getRequestURI());
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With,observe");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Expose-Headers", "Authorization");
response.addHeader("Access-Control-Expose-Headers", "responseType");
response.addHeader("Access-Control-Expose-Headers", "observe");
System.out.println("Request Method: "+request.getMethod());
if (!(request.getMethod().equalsIgnoreCase("OPTIONS"))) {
try {
chain.doFilter(req, res);
} catch(Exception e) {
e.printStackTrace();
}
} else {
System.out.println("Pre-flight");
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST,GET,DELETE,PUT");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Access-Control-Expose-Headers"+"Authorization, content-type," +
"USERID"+"ROLE"+
"access-control-request-headers,access-control-request-method,accept,origin,authorization,x-requested-with,responseType,observe");
response.setStatus(HttpServletResponse.SC_OK);
}
}
}
SpringSecurityConfig.class
@EnableWebSecurity
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors().and()
.authorizeRequests().anyRequest().authenticated()
.and().oauth2Client()
.and().oauth2Login();
}
}
UserController.class
@RestController
public class UserManagementRestController {
...
@GetMapping("/user/does-exist")
@ResponseBody
@ResponseStatus(HttpStatus.OK)
public boolean userExists(Principal principal) {
return userServiceFacadeImpl.doesUserExist(principal.getName());
}
...
}
Rest call from Angular
return this.httpClient.get('http://localhost:8080/user/' + 'does-exist').subscribe((v) => {
this.logger.debug(this.LOGGER + 'val: ' + v);
}, (err: HttpErrorResponse) => {
this.logger.debug(this.LOGGER + 'err: ' + err.message);
});
Error
