CORS Error in Google App Engine on java server

Question

I have two apps.

Frontend(Angular) running on Firebase

Backend Spring Boot (Java11) running on App Engine

Got this error while trying to reach any endpoints in app engine "Access has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource"

An interesting thing that, everything works fine in my local machine. No issues with cors. So, I guess the problem is in the configuration of app engine or smth else.

Could someone help me to solve this problem? I've already spent a lot of time trying to fix it. Already read a lot of stackoverflow similar issues. The last one: How to configure CORS in a Spring Boot + Spring Security application?

Can't find anything helpful in google docs.

Here my app.yaml file

runtime: java11
instance_class: F4
vpc_access_connector:
  name: projects/<project_id>/locations/<location>/connectors/<connectors_name>

Here my config files: CorsFilterConfig.java

@Configuration
public class CorsFilterConfig {
    
    @Value("${allowed-origin}")
    private String allowedOrigin;

    @Bean
    public FilterRegistrationBean<CorsFilter> simpleCorsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.setAllowedOrigins(Collections.singletonList(allowedOrigin));
        config.setAllowedMethods(Collections.singletonList("*"));
        config.setAllowedHeaders(Collections.singletonList("*"));
        source.registerCorsConfiguration("/**", config);
        FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return bean;
    }
}

allowedOrigin points to the https://<firebase.domain> SecurityConfig.java

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                .and()
                .csrf().disable()
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .oauth2Login()
                .and()
                .oauth2ResourceServer().jwt();

Endpoint example

@RestController
@RequestMapping("/test")
@AllArgsConstructor
public class TestController {

    @GetMapping
    public String hello() {
        return "hello world";
    }
}

score 1 · Answer 1 · answered Oct 30 '20 at 10:01

I guess that you can't use app.yaml to control HTTP headers for dynamic handlers. It is only applicable for static content

That's why this config fails to deploy with this error "Unexpected attribute "http_headers" for mapping type script."

instance_class: F4
vpc_access_connector:
  name: projects/<project_id>/locations/<location>/connectors/<connectors_name>
handlers:
  - url: /.*
    script: auto
    http_headers:
      Access-Control-Allow-Origin: *

score 0 · Answer 2 · answered Oct 29 '20 at 20:38

0

I think your app engine yaml file needs to allow cors in the handler, You can use this example

handlers:
- url: /images
  static_dir: static/images
  http_headers:
    Access-Control-Allow-Origin: https://frontend.firebase.url.com

You can also use * instead of specifying the url to allow access

answered Oct 29 '20 at 20:38

Andres S

1,168
7
11

I guess that this handler is applicable only for resources in your backend, not for endpoints. – RtiOne Kkarkov Oct 30 '20 at 09:40

score 0 · Accepted Answer · answered Nov 02 '20 at 11:40

0

I had the wrong URLs of allowed origin in my properties. So the config files and all cors configuration in my question are correct.

answered Nov 02 '20 at 11:40

RtiOne Kkarkov

11
2

CORS Error in Google App Engine on java server

3 Answers3