Access to XMLHttpRequest at Access to XMLHttpRequest has been blocked by CORS policy

Question

My application has angular front end and springboot back end. When i call backend api (localhost:8080/test) from frontend (localhost:4200) it gives an Error.

Access to XMLHttpRequest at http://localhost:8080/api/XXX/1 from origin http://localhost:4200 has been blocked by CORS policy: 
Response to preflight request doesn't pass access control check: 
The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. 
The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

My request hearder information as below,

Request URL: http://localhost:8080/api/testSuite/execute/1
Referrer Policy: no-referrer-when-downgrade
Provisional headers are shown
Accept: application/json
Content-Type: application/json
Referer: http://localhost:4200/testSuite
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36

Enable CORS in the back end, and don't forget to allow OPTIONS requests, as the browser sends one as pre-flight. — Will Alexander, Aug 11 '19 at 11:59

score 0 · Answer 1 · answered Aug 11 '19 at 06:41

The issue is likely due to CSRF protection. To disable CSRF protection you can use the following:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig
    extends WebSecurityConfigurerAdapter implements ApplicationContextAware {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // ...
            .csrf().disable(); //add this
    }

    @Override
    protected void registerAuthentication(AuthenticationManagerBuilde r authManagerBuilder) throws Exception {
        authManagerBuilder
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("ADMIN");
    }
}

This works fine with springboot version 1.5 but when i upgrade to 2 this error happens. — Anuradha Abeysuriya, Aug 11 '19 at 15:51

score 0 · Answer 2 · answered Aug 11 '19 at 11:56

0

Allow cors request headers in Api for more details refer bellow link.

Spring Boot Security CORS

answered Aug 11 '19 at 11:56

Santosh Shinde

1,206
10
16

score 0 · Answer 3 · edited Dec 15 '20 at 09:33

0

my team tried all the thing we could find in the internet but at last Mozilla's recommendation worked..Please find the link : https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests

we tried this method in the attached screenshot and it worked for us:

enter image description here

edited Dec 15 '20 at 09:33

Mario Petrovic

7,500
14
42
62

answered Dec 15 '20 at 05:05

vikhyat sharma

1

1

Welcome to StackOverflow. Please don't use images for information that is easily communicated in text. Images are not friendly to search or copy & paste or visually impaired people. – fcdt Dec 15 '20 at 08:03

Access to XMLHttpRequest at Access to XMLHttpRequest has been blocked by CORS policy

3 Answers3