Win a copy of Rust Web Development this week in the Other Languages forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

Required Request Body is missing: CORS policy: No 'Access-Control-Allow-Origin' header is present on

 
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have following method for the login in the Controller. The problem is when our front end developer try to login from the web-browser for the login he get this error in the front end side:

Access to XMLHttpRequest at 'http://ip-adress:port/login' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
LoginPage.js:35 Error: Network Error
   at createError (createError.js:16:1)
   at XMLHttpRequest.handleError (xhr.js:117:1)
xhr.js:210 POST http://ip-adress:port/login net::ERR_FAILED 403



I founded this following solution and add in my spring boot application of configuration class.


and:


We no longer get the cors origin error. But This time I am getting the following warning in my spring boot project. When front end side try to login.

01-2022-12 [warn ] org.springframework.web.servlet.handler.abstracthandlerexceptionresolver.logexception(abstracthandlerexceptionresolver.java:207) - resolved [org.springframework.http.converter.httpmessagenotreadableexception: required request body is missing: public org.springframework.http.responseentity<com.company.ldap.resource.responseresource> com.company.ldap.controller.domainlogincontroller.login(com.company.ldap.data.dto.domainloginrequestdto)]



and front end side this error occur.

Error: Request failed with status code 400
   at createError (createError.js:16:1)
   at settle (settle.js:17:1)
   at XMLHttpRequest.onloadend (xhr.js:66:1)
POST http://172.16.8.84:7070/login 400



This is my controller clas:



but when I try to make the post request from the postman for the login I didn't get in the above error, everything work fine.

This is my RequestDto class:


I searched a lot of things but couldn't find a solution. Can you tell me something about what to do?

 
Marshal
Posts: 74637
335
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Don't know, but I think this may be a Spring problem and I shall add you to our Spring forum.
Your post is hard to read because of long lines; I managed to sort out most of the long lines by changing the code tags around your error messages to quote tags. I also changed your DAO class from double spacing to single spacing (much easier to read) and gave it code tags.

Are you allowed to create objects with a password in? I would have thought that is insecure. I also thought that passwords should be stored as a char[], which means the array can be filled with 0s, *s, or random chars after it has been used.
 
Saloon Keeper
Posts: 13481
304
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Instead of setting a bunch of insecure CORS headers, why isn't your front-end served by the same host that is hosting the back-end?

If you REALLY want your front-end to have a different origin than your back-end, it's likely that your login issues are caused by the client pre-flighting the POST request with an OPTIONS request, for which your controller doesn't have an end-point.

As you may have noticed by now, CORS is more than just adding headers to a response. It's a protocol that involves multiple requests that you have to deal with in the proper way. I strongly recommend the following approach:

1) Throw away your CORSFilter class.

2) Investigate if you REALLY need cross-origin requests, i.e. does your front-end really need to be served from a different location than your back-end is?

3) If you REALLY need cross-origin requests, use the proper tools provided by Spring. I think there is an @CrossOrigin annotation you can put on your controller, which will let Spring handle the protocol correctly.
 
Stephan van Hulst
Saloon Keeper
Posts: 13481
304
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Oh and, if you DO decide to use cross-origin requests, please do NOT allow all origins using "*", just because it is easy.

Security is worth the time it takes to do it right. Read how CORS works, read how Spring handles CORS for you, and allow only a carefully selected set of origins to access your back-end.
 
Kenan Teymurov
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:Oh and, if you DO decide to use cross-origin requests, please do NOT allow all origins using "*", just because it is easy.

Security is worth the time it takes to do it right. Read how CORS works, read how Spring handles CORS for you, and allow only a carefully selected set of origins to access your back-end.



Yes I need to differeusnt location . I edited my code delete config class and just aded
 
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic