Unable to perform a cross-domain request from Vue app with Axios to spring-boot backend

Question

I get a HTTP/401 error when Axios send the preflight OPTIONS request. When I look to the OPTIONS request, I don't see any authentication headers, so the backend rejects it. The URL is protected by spring-security.

Client code:

axios.post('https://www.xxx.fr/blocage',
        { 'type': 'hvc' },
        {
            withCredentials: true,
            auth: {
                username: 'my_user',
                password: 'my_password'
            }
        }).then((response) => {
            console.log(response);
        }, (error) => {
            console.log(error);
        });

On the backend side (spring-boot 4), my controller:

@RestController
@CrossOrigin(origins = "*")
public class MyCalendarControler {
       @RequestMapping(value = "/blocage", 
            method = RequestMethod.POST,
            consumes = "application/json",
            produces = "application/json")
       public ResponseEntity<Object> createBlock(@RequestBody Block block) { ... }
...
}

Does someone have any idea ?

Did you receive the header **Access-Control-Allow-Origin** in the OPTIONS response? — Anatoly, Jan 01 '20 at 19:29
yes : Access-Control-Allow-Origin: https://www.yyy.fr where www.yyy.fr is the hostname of the client — user3206683, Jan 03 '20 at 18:56
OPTIONS does not include Authorization header, see this [answer](https://stackoverflow.com/a/40723041/1376618) — Anatoly, Jan 07 '20 at 19:52

Unable to perform a cross-domain request from Vue app with Axios to spring-boot backend

0 Answers0