2

I have a problem that I can't access logout, because cors filter runs after spring security filters. I have searched a lot about this and methods described here

Spring Security Logout doesn't work with Spring 4 CORS

or

Spring Data Rest and Cors

don't work.

My configuration

@Configuration
public class RestConfiguration {

@Bean
public CorsFilter corsFilter() {

    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true); // you USUALLY want this
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("GET");
    config.addAllowedMethod("PUT");
    config.addAllowedMethod("POST");
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
}

}

and my controller

@RequestMapping(value="/logout", method = RequestMethod.POST)
public ResponseEntity<HttpStatus> logout(HttpServletRequest httpServletRequest) {
    // ...
    return new ResponseEntity<>(HttpStatus.OK);
}

in browser I can see this :

XMLHttpRequest cannot load http://localhost:8080/logout. The request was redirected to 'http://localhost:8080/login?logout', which is disallowed for cross-origin requests that require preflight.

Is there any solution to this bug ?

Community
  • 1
  • 1
Fygh
  • 21
  • 2
  • did you see http://stackoverflow.com/questions/31724994/spring-data-rest-and-cors/31748398#comment57207680_31748398 ? –  Oct 09 '16 at 08:01
  • I solved using http.headers().frameOptions().sameOrigin().disable(); in configure method – cody123 Oct 09 '16 at 08:06
  • @RC. do you mean this http.addFilterBefore(corsFilter, ChannelProcessingFilter.class) ? If so, it doesn't work – Fygh Oct 09 '16 at 08:56

0 Answers0