CODEWITHSUNDEEP
angularjsspring-mvccookiescors
Lee Li
Lee Li

Reputation: 45

Browser send the OPTIONS request does not bring the cookie to the server?

In Angularjs config file.

.config(function($httpProvider) {
    $httpProvider.defaults.withCredentials = true;
})

The application using the Angularjs on front-end,using Spring MVC on backend. When user login the application, the backend write the session to the front-end. So the application using the cookie to auth.

The GET and POST request all both ok. But there is a request which method using the "PUT", the browser send a request which's method is "OPTIONS". At that time,the server can't auth the request. Because there is no cookie. So browser send the "OPTIONS" request, it can bring the cookie to Server.

Upvotes: 0

Views: 1588

Answers (1)

sreeramu
sreeramu

Reputation: 1223

You should make sure that your server treats OPTIONS requests separately and doesn't run them through the usual filters (assuming you're using a Java-based back-end). But make sure that the CORS filter adds all the Allow-* headers to their respective responses.

These requests should be treated as unauthenticated, meaning that they don't require credentials, aren't tied to a specific session and most importantly don't set any cookies that can affect your session.

Because of session ID mismatch, CORS filter blocks the requests.

This is a misconception. CORS is agnostic to any user session. It's your server authentication logic that's blocking the request due to the newly created session ID which is invalid.

From : https://stackoverflow.com/a/34640755/3279156

Upvotes: 1

Related Questions