CODEWITHSUNDEEP
javajavascriptangularjsspring-mvccors
eversor
eversor

Reputation: 3073

POST Blocked even when CORS is enabled

I have created a SimpleCORSFilterbased on the SpringMVC guide to allow CORS:

@Component
public class SimpleCORSFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-by");
        chain.doFilter(req, res);
    }
}

The controller code for the POST and PUT request is the following:

@RequestMapping(
        produces = MediaType.APPLICATION_JSON_VALUE,
        method = RequestMethod.PUT,
        value = "admin/tile/{id}"
)
public boolean saveNewTile(@PathVariable("id") String id) {
    ContextEntity contextEntity = new ContextEntity("tile", id);
    //TODO: USE CUSTOM DATABASE
    contextEntityDAO.save(contextEntity);

    return true;
}

@RequestMapping(
        produces = MediaType.APPLICATION_JSON_VALUE,
        method = RequestMethod.POST,
        value = "admin/tile/{id}"
)
public boolean updateTile(@PathVariable("id") String id, @RequestParam(required = false) ContextAttribute[] atts) {
    ContextEntity contextEntity = contextEntityDAO.findById(id);
    contextEntity.addContextAttributes(atts);

    contextEntityDAO.save(contextEntity);
    return true;
}

With AngularJS v1.3.14 I am able to do GET and PUT requests, but when I try to do a POST, Firefox notifies me that the request has been blocked since the same-origin policy...

This part works fine, for instance

$scope.onTestOnlyClick = function() {
  $http.put('http://localhost:8080/admin/tile/' + tile.id)
};

However, when I do

$http.post('http://localhost:8080/admin/tile/' + tile.id, contextAtts);

It cannot complete the request, and both lines are in the same controller!

This is what I see with Firebug, for some reason, when I perform a POST, Firebug only shows an OPTIONS request, there is no POST afterwards. enter image description here

Thanks.

Upvotes: 2

Views: 2482

Answers (2)

streak
streak

Reputation: 1151

Try doing this-

@Component
public class SimpleCORSFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-by");
        chain.doFilter(req, res);
        return;
     }
}

Upvotes: 0

Onur Aktaş
Onur Aktaş

Reputation: 410

Add Content-Type to Access-Control-Allow-Headers in your filter. Tested on my local with success.

response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers", "Content-Type, Origin, Cache-Control, X-Requested-With");
    response.setHeader("Access-Control-Allow-Credentials", "true");

Upvotes: 2

Related Questions