Reputation: 1302
Invalid CORS request in Spring
I am trying to enable certain IPs to access a particular method.
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/updateDetail")
.allowedOrigins("127.0.0.1", "10.96.33.45")
.allowedMethods("GET", "POST");
}
But when I am trying to call the same method I am getting invalid CORS request. Can anyone help me with this?
Upvotes: 13
Views: 36689
Answers (4)
Reputation: 1548
if you started your application at localhost, the browser formulates the origin as null, so application will not get the origin localhost:8080 or 127.0.0.1, it will get null
I think changing 127.0.0.1 with null will fix your problem
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/updateDetail")
.allowedOrigins("null", "10.96.33.45")
.allowedMethods("GET", "POST");
}
Upvotes: 2
Reputation: 2329
I was debugging problem like this for few days. The actual problem was that I had typo in my service uri name /data vs. /daba etc. This cause SpringBoot to fail to retrieve CORS configuration (even when I had /** mapping) so CORS-preflight got status 403, which caused browser not to make the actual request at all - if browser would have fired the request, Spring would have returned "Resource not found" and then I would have noticed the typo much faster.
Upvotes: 0
Reputation: 303
This class is what are you looking for:
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter implements Filter {
public SimpleCorsFilter() {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
response.setHeader("Access-Control-Max-Age", "12000");
response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Headers, Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
response.setHeader("Access-Control-Expose-Headers", "*");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
This filter will resolve all your cors issues
Upvotes: 4
Reputation: 1842
"Invalid CORS request" is returned by org.springframework.web.cors.DefaultCorsProcessor when
- Spring is configured to use CORS and
- browser sends "Origin" header with the request and it does not match with your server domain/port/scheme and
- response does not have "Access-Control-Allow-Origin" header and
- the request is not a preflight request.
If you don't need CORS, call cors().disable() in your implementation of WebSecurityConfigurerAdapter#configure(HttpSecurity http) (there might be other ways to do this, for example if you use Spring Boot).
Or you could add "Access-Control-Allow-Origin" header to your reponses using e.g. org.springframework.web.cors.CorsConfiguration or addCorsMappings (like you did, but maybe you should add more methods or url or IP doesn't match?).
Upvotes: 11
Related Questions
- CORS settings in Spring boot does not work
- Unable to resolve CORS errors
- Spring Boot and CORS
- CORS in spring boot is not working - getting empty response
- Spring Boot, CORS problem: Response to preflight request doesn't pass access control check: It does not have HTTP ok status
- Spring Boot CORS issue
- CORS policy conflict in Spring boot
- CORS problems with spring boot security
- Spring-Boot RestController fails during CORS
- Spring 4.2.2 CORS Support not working