Cors problem #250
Replies: 2 comments 2 replies
-
Hi, @centratelemedia The problem seems to be that CORS headers are used incorrectly. First of all, you can’t use You should either change …
.withHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, request.getHeader(HttpHeaders.ORIGIN))
… You also need to set header "Access-Control-Allow-Credentials" to …
.withHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true")
… Finally, values in your response’s header "Access-Control-Allow-Headers" should include values from request’s header "Access-Control-Request-Headers". You can do something like this: .withHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Origin, Content-Type, X-Auth-Token," + request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS)) Not sure whether you need to use the same headers in POST handler or only OPTIONS one for preflight request, you can test that yourself. if(request.getMethod()==HttpMethod.OPTIONS){
return HttpResponse
.ok200()
.withHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, request.getHeader(HttpHeaders.ORIGIN))
.withHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true")
.withHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Origin, Content-Type, X-Auth-Token," + request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS))
.withHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PATCH, PUT, DELETE, OPTIONS");
}
return HttpResponse
.ok200()
.withHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, request.getHeader(HttpHeaders.ORIGIN))
.withHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true")
.withHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Origin, Content-Type, X-Auth-Token," + request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS))
.withHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PATCH, PUT, DELETE, OPTIONS")
.withJson(json); I tested the above code locally, and it seems to work just fine. |
Beta Was this translation helpful? Give feedback.
-
Hi @eduard-vasinskyi, I'm also getting a CORS error but I don't want to set the Headers everytime I return a response. Is there anyway to set the Headers just once and have it work for every response? |
Beta Was this translation helpful? Give feedback.
-
what wrong this configuration
config server side :
request client:
response by serve:
Beta Was this translation helpful? Give feedback.
All reactions