1

In my project I use OAuth2 authentication for GMail. This is configs:

@Configuration
@Order(97)
@EnableOAuth2Sso
public class OAuth2SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.cors().and().csrf().disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.NEVER)
                .and()
                .authorizeRequests()
                .antMatchers("/gmail/**", "/login")
                .authenticated();
    }


}

And this is Cors config:

@Configuration
public class CorsConfig {

    @Bean
    public FilterRegistrationBean corsFilterRegistrationBean() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.applyPermitDefaultValues();
        config.setAllowCredentials(true);
        config.setAllowedOrigins(Collections.singletonList("*"));
        config.setAllowedHeaders(Collections.singletonList("*"));
        config.setAllowedMethods(Collections.singletonList("*"));
        config.setExposedHeaders(Collections.singletonList("content-length"));
        config.setMaxAge(3600L);
        source.registerCorsConfiguration("/**", config);
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(0);
        return bean;
    }
}

I work with VueJS for building UI and of corse I use proxy from VueJS (proxyTable) for all requests.

But I can't authenticate GMail account from UI, when I click on button which send request for authentication, it failed with errors:

enter image description here

This is network:

enter image description here

I don't know what to do else. By the way, from browser authentication, when I endpoint /api/gmail/signin - it works great but from project it's not.

Dave
  • 507
  • 7
  • 22
  • As referred with this [thread](https://stackoverflow.com/questions/20035101/why-does-my-javascript-get-a-no-access-control-allow-origin-header-is-present), this might be a CORS problem. The browser might be blocking it as it usually allows a request in the same origin for security reasons. You may also check this [link](https://github.com/jaredhanson/passport/issues/582) for additional information. – abielita Sep 25 '18 at 17:02
  • @abielita I've checked github link and as I see they didn't solve the problem. I tried everything already as in backend and frontend, I mean I put with request all headers what is possible but it still doesn't work and I don't know why. – Dave Sep 25 '18 at 19:11
  • @Dave were you ever able to find the solution? I am running across the same problem now – Eddie Weldon Mar 16 '20 at 05:02

0 Answers0