CODEWITHSUNDEEP
angularspring-securityangular7angular-httpclient
Jozef Morvay
Jozef Morvay

Reputation: 131

Angular 7 HttpClient post response headers are empty

I am trying to perform login from Angular 7 with Spring security backend:

login(username: string, password: string) {

    const formData = new FormData();
    formData.append('username', username);
    formData.append('password', password);

    return this.http.post<UserInfo>(`${API_URL}/login`, formData, {observe: 'response'})
      .pipe(map(response => {

        const jwtToken = response.headers.get(AUTHORIZATION).replace('Bearer', '').trim();
        const userInfo = response.body;

        if (jwtToken && userInfo) {
          const user = new User(username, password, jwtToken, userInfo);
          localStorage.setItem(CURRENT_USER, JSON.stringify(user));
          this.currentUserSubject.next(user);
        }

        return response;
      }));
  }

But, response.headers is simply empty and contains no headers whatsoever. Postman and Chrome dev tools show many headers and even the one I need - Authorization. I have reviewed many SO questions and github issues, but they all say the same thing, which does not work for me - to simply list the header in CORS Access-Control-Expose-Headers, but I have done that and nothing changed. Here is a relevant Spring configuration:

@Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.addAllowedOrigin("http://localhost:4200");
        configuration.addExposedHeader("Authorization");
        configuration.addAllowedMethod("*");
        configuration.addAllowedHeader("*");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

At this point I am stuck and have no idea how to make Angular access those headers:

enter image description here

Upvotes: 2

Views: 4029

Answers (2)

D. Winz
D. Winz

Reputation: 21

On server side you need to configure "Access-Control-Allow-Headers". Refer this post: Angular 6 Get response headers with httpclient issue .

For me this configuration did the trick:

@Bean
CorsConfigurationSource corsConfigurationSource() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*");
    config.addExposedHeader(
            "Authorization, x-xsrf-token, Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, "
                    + "Content-Type, Access-Control-Request-Method, Custom-Filter-Header");
    config.addAllowedHeader("*");
    config.addAllowedMethod("OPTIONS");
    config.addAllowedMethod("GET");
    config.addAllowedMethod("POST");
    config.addAllowedMethod("PUT");
    config.addAllowedMethod("DELETE");
    source.registerCorsConfiguration("/**", config);
    return source;
}

Upvotes: 0

Vadim
Vadim

Reputation: 3439

You need authorization header, which you can get by response.headers.get("Authorization"). Try:

const jwtToken = response.headers.get("Authorization").replace('Bearer', '').trim();

Upvotes: 2

Related Questions