1

I have a Jersey REST API server, which is hit by my website(made with Angular). It is getting following client side errors

Access to XMLHttpRequest at 'http://localhost:8080/authentication/login' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have tried adding header into response, but these are not apearing on the client side. Server side code for setting headers is implemented using filter as below

@Provider
public class CORSFilter implements javax.ws.rs.container.ContainerResponseFilter {

    @Override
    public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException {
        response.getHeaders().add("Access-Control-Allow-Headers", "Access-Control-Allow-Origin,Content-Type");
        response.getHeaders().add("Access-Control-Allow-Origin", "*");
        response.getHeaders().add("Access-Control-Allow-Methods", "OPTIONS,POST");
    }
}

When I check the response headers on the client side Access-Control-Allow-Origin is missing.

enter image description here

A login action is taken on button press.

onLogin() {
    console.log('clicked');
    const url = LoginConfig.domain + '/' + LoginConfig.loginPath;
    this.http.post(url, {username: 'lorem@gmail.com', secret: 'ipsum'}).subscribe(value => console.log(value.toString()));
  }

I am not able to figure out what exactly is missing.

Kuldeep Yadav
  • 1,664
  • 5
  • 23
  • 41
  • The problem is, the browser’s CORS preflight OPTIONS request to `http://localhost:8080/authentication/login` is for some reason causing an unexpected internal server failure in the `http://localhost:8080/authentication/login` server, so that server is responding with a 500 error. You can’t fix that problem with any CORS-configuration changes; instead you need to look at the server logs in the server environment of the `http://localhost:8080/authentication/login` server and see what messages the server is logging there about the cause of the unexpected internal server failure that’s happening – sideshowbarker Jan 23 '20 at 01:27
  • @sideshowbarker Does choice of stack play any role in CORS error as mine is Java-Jersey(server side) and Javascript/Typescript(slient side)? – Kuldeep Yadav Jan 23 '20 at 01:47
  • The frontend code doesn't make any difference in this case. All that matters is the server-side code for that port 8080 server. You really just need to look at the server logs for that port 8080 server. Unless you can provide information about what those logs say, there's really nothing more anyone else here can do to help you troubleshoot the problem further. – sideshowbarker Jan 23 '20 at 02:08
  • What is `http://localhost:8080/authentication/login`? Is it a resource method? A servlet? A servlet filter? Also are you sure the Jersey filter is registered? Is it being called? – Paul Samsotha Jan 23 '20 at 08:04
  • @PaulSamsotha this is resource (POST)method. CORS headers are returned as expected when I call the method using POSTMAN, but in chrome it is creating the trouble. – Kuldeep Yadav Jan 23 '20 at 08:07
  • 1
    Try to use the filter at the [bottom of my answer](https://stackoverflow.com/a/28067653/2587435). See if it makes any difference. – Paul Samsotha Jan 23 '20 at 08:09
  • It seems to be working as error changed to `blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.` – Kuldeep Yadav Jan 23 '20 at 08:27
  • @PaulSamsotha any suggestion on this new CORS issue? I am supposed to send POJO(json) from server side. – Kuldeep Yadav Jan 23 '20 at 08:35
  • 1
    I could resolve the content-type issue as well, add Content-Type in Access-Control-Allow-Headers and worked fine. @PaulSamsotha thanks buddy. – Kuldeep Yadav Jan 23 '20 at 09:00

0 Answers0