Win a copy of Java Challengers this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • paul wheaton
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Liutauras Vilda
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Piet Souris
Bartenders:
  • salvin francis
  • Mikalai Zaikin
  • Himai Minh

Simplest Way to Enable All CORS for SpringBootApplication.

 
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm trying to get CORS working in a very simple SpringBootApplication, but I keep hitting the CORS issue - when calling the GET from the browser:



From what I read - this is all I should need to open up CORS for everything... but it still doesn't work... Am I missing something?
 
Saloon Keeper
Posts: 12893
280
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think what you wrote should work.

How do you know that it doesn't? How are you sending the request? What error message are you getting?
 
Perry Terrance
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:I think what you wrote should work.

How do you know that it doesn't? How are you sending the request? What error message are you getting?




For example in my FIREFOX console - if I put the following:



I get the following:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://12.345.678.90:8081/myAPI/test. (Reason: CORS request did not succeed)



Here's something very strange though - I do have a SWAGGER page setup at https://12.345.678.90:8081/myAPI/swagger-ui/.

If goto that page first - and then use the FIREFOX console fetch command once more - the GET request goes through the 2nd time...
 
Stephan van Hulst
Saloon Keeper
Posts: 12893
280
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Can you show us the requests and responses that the network analyzer displays when you send those requests?
 
Perry Terrance
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:Can you show us the requests and responses that the network analyzer displays when you send those requests?



This is what FIREFOX is showing in the NETWORK tab:

XHR OPTIONS https://12.345.678.90:8081/myAPI/test


HEADERS
Accept
*/*
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US,en;q=0.5
Access-Control-Request-Headers
role
Access-Control-Request-Method
GET
Connection
keep-alive
DNT
1
Host
12.345.678.90:8081
Origin
https://12.345.678.90:8080
Referer
https://12.345.678.90:8080/
User-Agent
Mozilla/5.0 Gecko Firefox/87.0

No RESPONSE whatsoever

Security does show a:
An error occurred: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

Not sure if this is relevant since I'm testing my own SSL implementation here as well...

From what I understand the CORS config I did here should ALLOW just about EVERYTHING to go through - GET/POST/OPTION - any ORIGIN - any PORTS - etc...

As you are probably aware looking at this - my webpage is hosted on the 8080 PORT and my Spring Boot API is on the 8081 PORT of the same IP...


 
Stephan van Hulst
Saloon Keeper
Posts: 12893
280
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Perry Terrance wrote:No RESPONSE whatsoever


I find this extremely suspect. Even if the service at port 8081 doesn't doesn't allow the request from the script hosted at port 8080, it should still send an (empty) message in response to the OPTIONS request with the response headers set in such a way that it indicates that the preflight failed. No response at all indicates that the culprit is something other than CORS.

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
Not sure if this is relevant since I'm testing my own SSL implementation here as well...


This is very likely.

I suggest you try the request over HTTP first to see if CORS is working as expected, and then fix your SSL issues. Note by fixing SSL issues I don't mean fixing your SSL implementation. I mean throwing it away and use something standard. Why are you using your own implementation?

Regardless, your problem is probably solved when you install the self-signed certificate into Firefox' or your operating system's trust store.

As you are probably aware looking at this - my webpage is hosted on the 8080 PORT and my Spring Boot API is on the 8081 PORT of the same IP...


Yes.
 
Bartender
Posts: 2072
13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Perry,
You may want to try to run this tutorial and see if it works for you:
https://github.com/Java-Techie-jt/spring-security-cors-example

 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic