So, I have written a REST API using Spring (Java), which is secured using Basic Authentication and is also responsible for handling the social logins. Below is the configuration for Facebook login.
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.social.connect.ConnectionFactoryLocator;
import org.springframework.social.connect.UsersConnectionRepository;
import org.springframework.social.connect.mem.InMemoryUsersConnectionRepository;
import org.springframework.social.connect.support.ConnectionFactoryRegistry;
import org.springframework.social.connect.web.ProviderSignInController;
import org.springframework.social.facebook.connect.FacebookConnectionFactory;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Collaborators the original snippet only hinted at with "//autowired":
    // the application's UserDetailsService and the Environment holding the Facebook app credentials.
    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private Environment environment;

    @Bean
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

    // Spring Social's controller behind POST /signin/{providerId} and the provider callback.
    // FacebookSignInAdapter is the application's own SignInAdapter implementation (not shown).
    @Bean
    public ProviderSignInController providerSignInController() {
        return new ProviderSignInController(connectionFactoryLocator(), usersConnectionRepository(),
                new FacebookSignInAdapter());
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // NoOpPasswordEncoder compares plaintext passwords; suitable only for local experiments.
        auth.userDetailsService(userDetailsService).passwordEncoder(NoOpPasswordEncoder.getInstance());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/login*", "/signin/**", "/signup/**").permitAll()
                .anyRequest().authenticated()
            .and().httpBasic()
            .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and().csrf().disable();
    }

    @Bean
    public ConnectionFactoryLocator connectionFactoryLocator() {
        ConnectionFactoryRegistry registry = new ConnectionFactoryRegistry();
        registry.addConnectionFactory(new FacebookConnectionFactory(environment.getProperty("facebook.clientId"),
                environment.getProperty("facebook.clientSecret")));
        return registry;
    }

    // In-memory store of user-to-provider connections; its contents are lost on restart.
    @Bean
    public UsersConnectionRepository usersConnectionRepository() {
        return new InMemoryUsersConnectionRepository(connectionFactoryLocator());
    }
}
```
Dependency used:

```xml
<dependency>
    <groupId>org.springframework.social</groupId>
    <artifactId>spring-social-facebook</artifactId>
    <version>2.0.3.RELEASE</version>
</dependency>
```
Now my frontend is written using React.js and running at https://localhost:3000. It has a button "Sign in using Facebook" which sends a POST request to https://localhost:8443/signin/facebook. /signin/facebook is the URL provided by Spring Security. The REST API returns a redirect URL, which the browser is blocking because of a CORS issue. I understand CORS and have configured it at my backend (that's why the frontend is able to send the request).

```text
Access to XMLHttpRequest at 'https://www.facebook.com/v2.5/dialog/oauth?client_id=2198xxxxxx91&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8443%2Fsignin%2Ffacebook&state=xxxx' (redirected from 'https://localhost:8443/signin/facebook') from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
```

So, what is the resolution to this? I googled it and read somewhere that CORS is handled by the backend, not the frontend. But the backend is already handling CORS. What should the configuration for this be?
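The console error quoted in the question comes from the browser following the 302 from `/signin/facebook` inside the same XMLHttpRequest, so the response that fails the CORS check is facebook.com's, not the backend's. The following is an added example, not code from the question or from Spring Social: `modelCorsFetch` is a small model of that redirect handling (with constructed responses standing in for both servers, and `Origin: null` after the cross-origin redirect, as the Fetch specification prescribes for a redirect-tainted request), and `startProviderSignIn` submits a real HTML form so the browser performs a top-level navigation, which is how `ProviderSignInController` is meant to be invoked. `APP_ORIGIN`, `API_ORIGIN`, the stub document and the placeholder `client_id`/`state` values are assumptions for the demonstration.

```javascript
// Added example (not code from the question or from Spring Social): what the browser does
// with a fetch/XHR POST to /signin/facebook, and the client-side alternative that avoids it.

const APP_ORIGIN = 'https://localhost:3000'; // constructed: the React app in the question
const API_ORIGIN = 'https://localhost:8443'; // constructed: the Spring backend in the question

// Model of a CORS-mode fetch that follows redirects (the browser default).
// `responses` maps a URL (query string stripped) to { status, headers }.
// A redirect to a different origin taints the request: from then on the browser sends
// `Origin: null`, which is the "from origin 'null'" seen in the console error.
// Credentialed requests (where '*' is not accepted) are not modelled here.
function modelCorsFetch(startUrl, requestOrigin, responses, maxHops = 5) {
  let url = startUrl;
  let serializedOrigin = requestOrigin;
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = responses[url.split('?')[0]];
    if (!res) return { ok: false, error: `no response modelled for ${url}` };
    const headers = res.headers || {};
    const target = new URL(url);
    const allow = headers['access-control-allow-origin'];
    // Every hop that is cross-origin relative to the page is subject to the CORS check,
    // including the identity provider's authorization page.
    const crossOrigin = target.origin !== requestOrigin;
    if (crossOrigin && !(allow === '*' || allow === serializedOrigin)) {
      return {
        ok: false,
        blockedAt: target.origin,
        error: `No 'Access-Control-Allow-Origin' header matching origin '${serializedOrigin}' on ${target.origin}`,
      };
    }
    const isRedirect = res.status >= 300 && res.status < 400 && headers.location;
    if (!isRedirect) return { ok: true, url, status: res.status };
    const next = new URL(headers.location, url);
    if (next.origin !== target.origin) serializedOrigin = 'null'; // redirect-tainted origin
    url = next.href;
  }
  return { ok: false, error: 'too many redirects' };
}

// Constructed responses reproducing the question's scenario: the backend answers CORS
// correctly, but its 302 sends the fetch on to facebook.com, which sets no CORS header.
const AUTHORIZE_URL = 'https://www.facebook.com/v2.5/dialog/oauth';
const questionScenario = {
  [`${API_ORIGIN}/signin/facebook`]: {
    status: 302,
    headers: {
      'access-control-allow-origin': APP_ORIGIN,
      location: `${AUTHORIZE_URL}?client_id=APP_ID_PLACEHOLDER&response_type=code&state=STATE_PLACEHOLDER`,
    },
  },
  [AUTHORIZE_URL]: { status: 200, headers: {} },
};

// What the client should do instead: submit a real form so the browser performs a top-level
// navigation. The 302 to the provider is then an ordinary page load, which CORS does not govern,
// and the provider later sends the browser back to the backend's callback URL.
// `doc` is injected (window.document in the browser) so the helper can run without a DOM.
function startProviderSignIn(doc, provider, apiOrigin = API_ORIGIN) {
  const form = doc.createElement('form');
  form.method = 'POST';
  form.action = `${apiOrigin}/signin/${encodeURIComponent(provider)}`;
  doc.body.appendChild(form);
  form.submit();
  return form;
}

// Constructed stand-in for the DOM so startProviderSignIn can be exercised outside a browser.
function makeStubDocument() {
  const body = { children: [], appendChild(el) { body.children.push(el); return el; } };
  return {
    body,
    createElement(tagName) {
      return { tagName, submitted: false, submit() { this.submitted = true; } };
    },
  };
}

const blocked = modelCorsFetch(`${API_ORIGIN}/signin/facebook`, APP_ORIGIN, questionScenario);
console.log(blocked.error); // blocked at https://www.facebook.com, not at the backend
const form = startProviderSignIn(makeStubDocument(), 'facebook');
console.log(`browser navigates via POST to ${form.action}`);
```

Because the redirected request carries `Origin: null`, no `Access-Control-Allow-Origin` value the backend could send changes the outcome; the fix is on the client side (a form POST or a `window.location` navigation to the sign-in URL), while the backend's CORS configuration is still needed for the ordinary API calls the React app makes with fetch. Separately, the `redirect_uri` in the quoted error is `http://localhost:8443/...` while the API is served over `https://`, so the callback URL the backend registers is worth checking at the same time.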