Required Request Body is missing: CORS policy: No 'Access-Control-Allow-Origin' header is present on

I have following method for the login in the Controller. The problem is when our front end developer try to login from the web-browser for the login he get this error in the front end side:

Access to XMLHttpRequest at 'http://ip-adress:port/login' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
LoginPage.js:35 Error: Network Error
   at createError (createError.js:16:1)
   at XMLHttpRequest.handleError (xhr.js:117:1)
xhr.js:210 POST http://ip-adress:port/login net::ERR_FAILED 403

I founded this following solution and add in my spring boot application of configuration class.

import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.context.annotation.Configuration; import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.filter.CorsFilter;    @Configuration    public class CORSFilter extends CorsFilter {        public CORSFilter(CorsConfigurationSource source) {            super((CorsConfigurationSource) source);        }        @Override        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)                throws ServletException, IOException {            response.addHeader("Access-Control-Allow-Headers",                    "Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");            if (response.getHeader("Access-Control-Allow-Origin") == null)                response.addHeader("Access-Control-Allow-Origin", "*");            filterChain.doFilter(request, response);        }    }
and:
   import org.springframework.context.annotation.Bean;    import org.springframework.context.annotation.Configuration;    import org.springframework.http.HttpMethod;    import org.springframework.web.cors.CorsConfiguration;    import org.springframework.web.cors.CorsConfigurationSource;    import org.springframework.web.cors.UrlBasedCorsConfigurationSource;            @Configuration        public class RestConfig {                @Bean            public CORSFilter corsFilter() {                CorsConfigurationSource source = new UrlBasedCorsConfigurationSource();                CorsConfiguration config = new CorsConfiguration();                config.addAllowedOrigin("*");                config.addAllowedMethod(HttpMethod.DELETE);                config.addAllowedMethod(HttpMethod.GET);                config.addAllowedMethod(HttpMethod.OPTIONS);                config.addAllowedMethod(HttpMethod.PUT);                config.addAllowedMethod(HttpMethod.POST);                ((UrlBasedCorsConfigurationSource) source).registerCorsConfiguration("/**", config);                return new CORSFilter(source);            }        }

We no longer get the cors origin error. But This time I am getting the following warning in my spring boot project. When front end side try to login.

01-2022-12 [warn ] org.springframework.web.servlet.handler.abstracthandlerexceptionresolver.logexception(abstracthandlerexceptionresolver.java:207) - resolved [org.springframework.http.converter.httpmessagenotreadableexception: required request body is missing: public org.springframework.http.responseentity<com.company.ldap.resource.responseresource> com.company.ldap.controller.domainlogincontroller.login(com.company.ldap.data.dto.domainloginrequestdto)]

and front end side this error occur.

Error: Request failed with status code 400
   at createError (createError.js:16:1)
   at settle (settle.js:17:1)
   at XMLHttpRequest.onloadend (xhr.js:66:1)
POST http://172.16.8.84:7070/login 400

This is my controller clas:

@RestController @RequiredArgsConstructor public class DomainLoginController {    private static final Logger LOG = LogManager.getLogger(DomainLoginController.class);    private final DomainLoginService domainLoginService;    @PostMapping("/login")    public ResponseEntity<ResponseResource> login(@RequestBody DomainLoginRequestDto requestDto) {        LOG.info("username : " + requestDto.getUsername() + " type : " + requestDto.getType());        return this.domainLoginService.login(requestDto);    } }

but when I try to make the post request from the postman for the login I didn't get in the above error, everything work fine.

This is my RequestDto class:
@Data public class DomainLoginRequestDto {    private String username;    private String password;    private String type; }

I searched a lot of things but couldn't find a solution. Can you tell me something about what to do?

Don't know, but I think this may be a Spring problem and I shall add you to our Spring forum.
Your post is hard to read because of long lines; I managed to sort out most of the long lines by changing the code tags around your error messages to quote tags. I also changed your DAO class from double spacing to single spacing (much easier to read) and gave it code tags.

Are you allowed to create objects with a password in? I would have thought that is insecure. I also thought that passwords should be stored as a char[], which means the array can be filled with 0s, *s, or random chars after it has been used.

Instead of setting a bunch of insecure CORS headers, why isn't your front-end served by the same host that is hosting the back-end?

If you REALLY want your front-end to have a different origin than your back-end, it's likely that your login issues are caused by the client pre-flighting the POST request with an OPTIONS request, for which your controller doesn't have an end-point.

As you may have noticed by now, CORS is more than just adding headers to a response. It's a protocol that involves multiple requests that you have to deal with in the proper way. I strongly recommend the following approach:

1) Throw away your CORSFilter class.

2) Investigate if you REALLY need cross-origin requests, i.e. does your front-end really need to be served from a different location than your back-end is?

3) If you REALLY need cross-origin requests, use the proper tools provided by Spring. I think there is an @CrossOrigin annotation you can put on your controller, which will let Spring handle the protocol correctly.

Oh and, if you DO decide to use cross-origin requests, please do NOT allow all origins using "*", just because it is easy.

Security is worth the time it takes to do it right. Read how CORS works, read how Spring handles CORS for you, and allow only a carefully selected set of origins to access your back-end.

Stephan van Hulst wrote:Oh and, if you DO decide to use cross-origin requests, please do NOT allow all origins using "*", just because it is easy.

Security is worth the time it takes to do it right. Read how CORS works, read how Spring handles CORS for you, and allow only a carefully selected set of origins to access your back-end.

Yes I need to differeusnt location . I edited my code delete config class and just aded