Spring-boot: CORS not working?
Using Athens-RC1/Boot-1.4.0
added this inner class, debugger shows the method executing
@Profile( "development" )
@Configuration
static class Dev extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings( final CorsRegistry registry ) {
registry.addMapping( "/**" )
.allowedOrigins( "http://localhost:9000" );
}
}
but no headers
platform % curl -vvv http://localhost:8080/health slave-vi
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /health HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.50.0
> Accept: */*
>
< HTTP/1.1 200
< X-Application-Context: application:xenoterracide,development
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: DENY
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Fri, 05 Aug 2016 01:01:17 GMT
<
* Connection #0 to host localhost left intact
{"status":"UP"}
also tried adding this to the application-xenoterracide.properties
endpoints.cors.allowed-origins=http://localhost:9000
xenoterracide
All 5 comments
Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.
snicoll
on 5 Aug 2016
xenoterracide
on 5 Aug 2016
added this inner class, debugger shows the method executing
@Profile( "development" )
@Configuration
static class Dev extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings( final CorsRegistry registry ) {
registry.addMapping( "/health" )
.allowedOrigins( "http://localhost:9000" )
.allowedHeaders( "*" )
.allowedMethods( "GET", "OPTIONS" );
}
}
but no header, an options request
rpf-content-manager % curl -vvv -H"Origin: http://localhost:9000" -XOPTIONS http://localhost:8080/health slave-vi
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> OPTIONS /health HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.50.0
> Accept: */*
> Origin: http://localhost:9000
>
< HTTP/1.1 200
< X-Application-Context: application:xenoterracide,development
< Allow: GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: DENY
< Content-Length: 0
< Date: Fri, 05 Aug 2016 04:51:41 GMT
<
also tried adding this to the application-xenoterracide.properties
endpoints.cors.max-age=300
endpoints.cors.allowed-origins=http://localhost:9000
you can see from the configurations that that many headers aren't supposed to be there, a max-age should be and so should an origin... seems to be falling to a default config. At the very least I would say documentation needs to be improved.
xenoterracide
on 5 Aug 2016
hmm... still can't get the java config working but I don't actually need that... the properties seems to be just me setting the headers wrong though.
xenoterracide
on 5 Aug 2016
@xenoterracide Did you solve the problem? I have the same issue with Spring Boot 1.4.3 (with Security enabled). Access-Control-Allow-Origin is working on all methods except OPTIONS, it's driving me crazy.
Update: I checked your StackOverflow post, unfortunately in my case adding -H 'Access-Control-Request-Method: GET' didn't change anything in the response. :( probably different issue
ceefour
on 22 Apr 2017
Related issues
mkgit007
路
3Comments
zhanhb
路
3Comments
developmentMLPN
路
3Comments
lievendoclo
路
3Comments
Dasiu
路
3Comments
Most helpful comment
@xenoterracide Did you solve the problem? I have the same issue with Spring Boot 1.4.3 (with Security enabled). Access-Control-Allow-Origin is working on all methods except OPTIONS, it's driving me crazy.
Update: I checked your StackOverflow post, unfortunately in my case adding
-H 'Access-Control-Request-Method: GET'didn't change anything in the response. :( probably different issue