Spring boot - Response for preflight does not have HTTP ok status

Question

I am making a web with Angular 5 and I am getting this error every time I try to do a GET request. I've read tons of tons of answers here and none of them working for me.

As I've read it's because I am adding custom headers to this request which needs to be done because I am using Spring Security which I think is causing the problem. This is my current Spring Security config which I've made out of reading questions but still not working, I don't know if I am doing something wrong in it:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                .and()
                .authorizeRequests().anyRequest().permitAll()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .csrf().disable();
    }

    @Override
    public void configure(WebSecurity web ) throws Exception
    {
        web.ignoring().antMatchers( HttpMethod.OPTIONS, "/**" );
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
        configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
        configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

Hope you can give a hand on this bec I've been struggling for a few days with this. I think obviously the problem here is CORS, my GET request being converted to an OPTIONS one bec of the custom headers and Spring Security.

Also I'd like to mention that I am using Spring Boot with Jersey.

Thanks.

Fabiano G&#243;es · Accepted Answer

I was able to solve this problem like this:

My WebMvcConfiguration:

@Configuration
@EnableWebMvc
public class WebConfiguration extends WebMvcConfigurationSupport {

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/**");
    }

}

My Security Configuration:

@Override
protected void configure(HttpSecurity http) throws Exception {
      http.cors().disable()
          .authorizeRequests()
          .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
          .anyRequest()
          .fullyAuthenticated()
          .and()
          .httpBasic()
          .and()
          .csrf().disable();
}

Spring boot - Response for preflight does not have HTTP ok status

Answers (2)

Related Questions