Keycloak : CORS problem with Angular 6 making XMLHttpRequest to SpringBoot backend

Question

We are facing the following issue with our frontend (Angular 6, http://localhost:4200) calling the backend (SpringBoot, http://localhost:8080) :

Access to XMLHttpRequest at 'http://localhost:8080/typesorganisme' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

We are using Keycloak, and the blocked URL is protected.

Following properties has been set for the Keycloak server :

Root Url : http://localhost:4200
Valid Redirect URI’s : http://localhost:4200/*
Web Origins : http://localhost:4200

(We also tried to put "*" in Web Origins, with no results)

And the following CORS properties are normally added to the header by this filter in our backend :

@Override
public void doFilter(final ServletRequest theServletRequest, final ServletResponse theServletResponse, final FilterChain theFilterChain) throws IOException, ServletException
{
    final HttpServletResponse response = (HttpServletResponse) theServletResponse;
    final HttpServletRequest request = (HttpServletRequest) theServletRequest;

    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
    response.setHeader("Access-Control-Allow-Headers", "*");
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Max-Age", "180");
    response.setHeader("Access-Control-Expose-Headers", "X-Total-Count");
    theFilterChain.doFilter(theServletRequest, theServletResponse);
}

Have you any ideas to solve this ?

UPDATE

After changing the cors filter on my backend, I now have the Access-Control-Allow-Origin correctly exposed but I'm facing an infinite redirect loop on my requests :

redirect loop

Resulting on this Browser Error :

Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

the class implementing filter should be a @Component. Also, the main class needs to scan it — Abhishek Anand, Mar 12 '19 at 09:16
What’s the HTTP status code of the response? Is it 200 OK or instead some 4xx or 5xx error? — sideshowbarker, Mar 12 '19 at 09:17
@sideshowbarker we get a first call with 200 Status (Request Methode : Options) then the second call is made (Request Method : GET) and we get a 302 status. — Quentin Schrute, Mar 12 '19 at 09:20
Whatever the URL that 302 is redirecting the request to, consider updating your frontend code to make the request to that URL instead. That way you avoid the 302. It’s possible the problem you’re hitting is that the server doesn’t add the configured Access-Control-Allow-\* headers to 3xx redirect responses — but instead only to 2xx success responses. — sideshowbarker, Mar 12 '19 at 09:25
Possible duplicate to https://stackoverflow.com/questions/36809528/spring-boot-cors-filter-cors-preflight-channel-did-not-succeed — MoxxiManagarm, Mar 12 '19 at 09:49
@MoxxiManagarm i just tried the cors filter suggested in this issue but i'm getting redirections in cascad : Failed to load resource: net::ERR_TOO_MANY_REDIRECTS — Quentin Schrute, Mar 12 '19 at 10:12

Keycloak : CORS problem with Angular 6 making XMLHttpRequest to SpringBoot backend

0 Answers0