0

I'm using Spring 4.3.10.RELEASE and I have the current CORS configuration that I found in Spring security CORS Filter

@Bean
CorsConfigurationSource corsConfigurationSource() {
    final CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));
    configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
    configuration.setAllowCredentials(true);
    configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

If I use:

configuration.setAllowedOrigins(Collections.singletonList("*"));

I can do requests to my API from any site (as expected), but if I try to insert a site or two and request something from those sites, the "missing Access-Control-Allow-Origins" warning appears:

Pedido de origem cruzada bloqueado: A política da mesma origem não permite a leitura do recurso remoto em https://localhost:8241/foo/. (Motivo: cabeçalho CORS 'Access-Control-Allow-Origin' em falta).

TypeError: NetworkError when attempting to fetch resource.

Is it something missing for this case?

Enorio
  • 65
  • 8
  • Show the exact text, it isn't `https://google.com`, right? Did you add the right protocol and the right port? – dur Nov 22 '18 at 15:48
  • The comment is in PT, sorry. – Enorio Nov 22 '18 at 16:35
  • What is the value you wrote in your configuration? Is it also `https://localhost:8241/foo/`? However, it is very strange that you get `/foo/`, because it is not part of the host and should not part of the origin. – dur Nov 22 '18 at 20:15
  • The https://localhost:8241 is where my API is deployed. Do I need to set this URL in the allowed origins too? – Enorio Nov 23 '18 at 09:27
  • What is the real value of `configuration.setAllowedOrigins(Collections.singletonList("https://google.com"));`It should match your server host. – dur Nov 23 '18 at 09:30
  • I'm having trouble understanding what you're asking. Sorry. Are you asking the value in the response header? – Enorio Nov 23 '18 at 09:48

0 Answers0