0

my Spring application is blocking requests because of CORS.

All my controllers are annotated with @CrossOrigin

My current Spring security config is:

@Override
    protected void configure(final HttpSecurity http) throws Exception {
              http.httpBasic()
                      .and()
                      .authorizeRequests()
                      .antMatchers( "/", "/home", "/inloggen").permitAll()
                      .anyRequest().authenticated()
                      .and().csrf()
                      .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

}

However, this configuration is blocking ALL (GET/POST) requests to all endpoints.

Using the following configuration:

@Override
    protected void configure(final HttpSecurity http) throws Exception {
               http.httpBasic()
                      .and().cors().disable()
                      .authorizeRequests().antMatchers("/**").permitAll()
                      .anyRequest().authenticated();
    }

Should in theory allow all requests right?

I have tried many things. My front-end is written in Angular, simple get() requests don't work. Any help is appreciated.

superkr123
  • 101
  • 1
  • 5
  • Your question contains some wring assumptions: 1) Spring doesn't block any request, because of CORS, it is your browser. 2) Disabling CORS means, that your browser is blocking all responses from other sites. 3) Using `@CrossOrigin` is not enough, you have to configure Spring Security to allow CORS' preflight request. – dur Dec 05 '20 at 22:00
  • 1
    Does this answer your question? [CORS issue - No 'Access-Control-Allow-Origin' header is present on the requested resource](https://stackoverflow.com/questions/42016126/cors-issue-no-access-control-allow-origin-header-is-present-on-the-requested) – dur Dec 05 '20 at 22:01

0 Answers0