I have the following "architecture":
- a java API / backoffice application on one computer
- an angular client application on another computer
- both are on the same local network for dev env, and both have a static IP
To test the application, the front application is calling the API using the computer IP: http://192.168.0.XY:ABCD/api
ABCD = 8080 for http and 8443 for https
All this is working fine as long as I'm having only http on dev env. On prod env, https is working fine too.
Problem context:
- I have to use https for both API/back and client on dev side too
- on server side, the backoffice UI is working with https and I can use the backoffice features (I just have an alert because my certifcate is auto signed)
- on front side, I can see the homepage with https (with the same alert message for the same reason)
Problem is that when I try to connect on client UI, on dev side with https, it tries to call API, and fall into a CORS error. Please note that the API allows both http and https origins:
@CrossOrigin(origins = { "http://localhost:4200", "https://localhost:4200", "https://www.yodo.rip" })
@RequestMapping(value = "/login", method = {RequestMethod.OPTIONS, RequestMethod.POST})
public ResponseEntity<String> authenticate(@RequestBody String authParams) {...}
I spent 2 days on that problem, an hope to find some help here.
[EDIT]
- on server side, java is using a ".keystore" file, generated with keytool
- on front side, angular is using .crt + .key files generated with openssl
- in the client / API relationship, I don't know who doens't trust the other : client doesn't trust server's certificate ? or server doesn't trust client certificate ?
[/EDIT]
