Header in the response must not be the wildcard '*' when the request's credentials mode is 'include'

一生所求 2020-12-09 15:12

I'm using Auth0 for my user authentication to only allow logged in users to access a Spring (Boot) RestController. At this point I'm creating a r

4 answers
  •  小蘑菇 (original poster)
    2020-12-09 15:18

    My answer is too late, but I'm posting this in case anyone faces the same problem. I've been facing the same cross-origin issue.

    Basically, if you have Spring Security implemented in your server-side application, it is probably what is blocking the WebSocket handshake.

    You have to tell Spring Security to allow your WebSocket endpoints in order to allow the socket handshake, using:

    .antMatchers("/socket/**").permitAll()
    

    SockJS will now be able to send a GET (HTTP) request for the handshake before switching to the WebSocket protocol.

    This is the Spring Security configuration:

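    package org.souhaib.caremy.security.module.config;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.web.AuthenticationEntryPoint;
    // SecurityParams is the project's own class; its import is not shown in the original answer.

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        // Entry point bean used below; its definition is not shown in the original answer.
        @Autowired
        private AuthenticationEntryPoint restAuthenticationEntryPoint;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                    .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint).and()
                    .authorizeRequests()
                    .antMatchers(SecurityParams.PUBLIC_ROUTES).permitAll()
                    // SockJS handshake requests under /socket/ pass without authentication
                    .antMatchers("/socket/**").permitAll();

            http.csrf().disable();
        }
    }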
    

    This is the WebSocket broker configuration:

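    import org.springframework.context.annotation.Configuration;
    import org.springframework.messaging.simp.config.MessageBrokerRegistry;
    import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
    import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
    import org.springframework.web.socket.config.annotation.StompEndpointRegistry;

    @Configuration
    @EnableWebSocketMessageBroker
    public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {

        @Override
        public void registerStompEndpoints(StompEndpointRegistry registry) {
            // Explicit origin instead of "*", so credentialed SockJS requests pass the CORS check
            registry.addEndpoint("/socket")
                    .setAllowedOrigins("http://localhost:4200")
                    .withSockJS();
        }

        @Override
        public void configureMessageBroker(MessageBrokerRegistry registry) {
            // Client messages go to /app/...; the in-memory broker serves /chat/...
            registry.setApplicationDestinationPrefixes("/app")
                    .enableSimpleBroker("/chat");
        }
    }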
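
The rule behind the error in this page's title, as an added example that is not part of the original answer: a small JavaScript model of the browser's CORS check from the Fetch standard, next to an allowlist-based header builder for the server side. The function names and the allowlist are assumptions made for the illustration; the origin is the one passed to `setAllowedOrigins` in the answer.

```javascript
// Constructed allowlist for this example (the answer allows only this origin).
const ALLOWED_ORIGINS = new Set(["http://localhost:4200"]);

// Server side: CORS headers for an endpoint that is called with credentials.
// The request origin is echoed only when it is on the allowlist; "*" is never sent.
function corsHeadersFor(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // caches must not reuse this response for another origin
  };
}

// Browser side: the CORS check as specified by the Fetch standard.
// credentialsMode is "omit", "same-origin" or "include".
// Header names are matched exactly here; real header lookup is case-insensitive.
function corsCheck(requestOrigin, credentialsMode, responseHeaders) {
  const allowOrigin = responseHeaders["Access-Control-Allow-Origin"];
  if (allowOrigin === undefined) {
    return { ok: false, reason: "missing Access-Control-Allow-Origin" };
  }
  // The wildcard is accepted only when no credentials are sent.
  if (credentialsMode !== "include" && allowOrigin === "*") return { ok: true };
  if (allowOrigin !== requestOrigin) {
    const reason = allowOrigin === "*"
      ? "wildcard '*' with credentials mode 'include'"
      : "origin mismatch";
    return { ok: false, reason };
  }
  if (credentialsMode !== "include") return { ok: true };
  if (responseHeaders["Access-Control-Allow-Credentials"] === "true") {
    return { ok: true };
  }
  return { ok: false, reason: "Access-Control-Allow-Credentials is not 'true'" };
}

// Constructed cases: the failing response from the title, then the allowlisted one.
const origin = "http://localhost:4200";
console.log(corsCheck(origin, "include", { "Access-Control-Allow-Origin": "*" }));
console.log(corsCheck(origin, "include", corsHeadersFor(origin)));
```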
    
