0

I am currently learning flutter web and have created a simple spring boot api, but I keep receiving the error for any network request stating

Access to XMLHttpRequest at 'http://localhost:8080/api/v1/auth/authenticate' from origin 'http://localhost:53289' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have tried adding @CrossOrigin to my controller and event attempted adding a filter in spring but not with any luck.

For reference here is my controller

@RestController
@RequestMapping("/api/v1/auth")
class AuthenticationController(
    private val authenticationService: AuthenticationService
) {

    @PostMapping("/register")
    fun register(
        @RequestBody request: RegisterRequestBody
    ): ResponseEntity<AuthenticationResponse> {
        return ResponseEntity.ok(authenticationService.register(request))
    }
    @PostMapping("/authenticate")
    fun register(
        @RequestBody request: AuthenticationRequest
    ): ResponseEntity<AuthenticationResponse> {
        return ResponseEntity.ok(authenticationService.authenticate(request))
    }
}

And here is the network request code in flutter

class AuthenticationApi {
  var uri = Uri.http("localhost:8080","/api/v1/auth/authenticate");

  Future<String?> loginWithCredentials(String username, String password) async {
    var body = jsonEncode(loginBody(username, password));
    final response = await http.post(uri, body: body);
    if (response.statusCode == 200) {
      return response.body;
    } else {
      return null;
    }
  }
}

If anyone could help me see where I am gong wrong that would be great, thanks :)

I have tried adding @CrossOrigin to my controller and event attempted adding a filter in spring but not with any luck.

Ben Johnson
  • 1
  • 1
  • See https://spring.io/guides/gs/rest-service-cors/ there's no sign of the cross origin directive in your above code – Richard Heap Apr 20 '23 at 13:25

1 Answers1

-1

Sry I just saw now, you are sending no headers?

make

final response = await http.post(uri, 
headers: {
        'Content-type': 'application/x-www-form-urlencoded',
        'Accept': 'application/json',

      },
body: body);

And pls try also your old uri again.

If still not working update headers:...
to

        headers: {
        HttpHeaders.acceptHeader: 'application/json',
        HttpHeaders.contentTypeHeader: 'application/json',
        HttpHeaders.cacheControlHeader: 'no-cache',
        HttpHeaders.pragmaHeader: 'no-cache',
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
        'Access-Control-Allow-Headers': 'Origin, Content-Type, Accept, Authorization, X-Request-With',
        'Access-Control-Allow-Credentials': 'true',
      }

---OLD
I just had the same Problem! You can solve it with change this:

var uri = Uri.http("localhost:8080", "/auth/authenticate");
to
Uri uri = Uri.parse('localhost/');

If this works for you, can you give also my quesion thumps up :)

MrOrhan
  • 877
  • 6
  • 21
  • Thanks, I've updated to `var uri = Uri.parse("localhost:8080/api/v1/auth/authenticate");` but now I get this new error , hopefully its a step forward `Access to XMLHttpRequest at 'localhost:8080/api/v1/auth/authenticate' from origin 'http://localhost:53131' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, isolated-app, chrome-extension, chrome, https, chrome-untrusted.` – Ben Johnson Apr 20 '23 at 11:24