问题
I'm building an application that uses Angular 2 on the front end, and Spring Boot on the backend. I am using Spring-Security and Spring Social to allow login through Facebook. I thought I had configured CORS correctly, but I am getting the following error message:
XMLHttpRequest cannot load http://localhost:8080/auth/facebook. The request was redirected
to 'https://www.facebook.com/v2.5/dialog/oauth?client_id=1113908502021844&respo…alhost%3A8080%2Fauth%2Ffacebook&state=d4fb1987-9042-4d49-8bf9-6b5ec94c45f6',
which is disallowed for cross-origin requests that require preflight.
My security config looks like this:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/auth/**", "/signup/**", "/user/login")
.permitAll()
.antMatchers("/**").authenticated()
.antMatchers("/rest/**").hasAnyRole("USER", "ADMIN")
.and()
.headers() //might need defaults disabled
.and()
.exceptionHandling()
.and()
.cors()
.and()
.csrf().disable()
.rememberMe()
.and()
.apply(new SpringSocialConfigurer());
}
My CORS config:
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
configuration.setAllowCredentials(true);
configuration.addAllowedOrigin("*");
configuration.addAllowedHeader("*");
configuration.setAllowedMethods(Arrays.asList("GET","POST", "PUT"));
source.registerCorsConfiguration("/**", configuration);
return source;
}
My frontend request (blocks both get() and post()):
facebookAuth(){
let tokenUrl = 'http://localhost:8080/auth/facebook';
let headers1 = new Headers({'Content-Type': 'application/json'});
return this.http.get(tokenUrl, {headers: headers1});
}
Last, my network info:
What am I missing here? CORS only seems to block the Facebook redirect, while letting other requests through without issue.
来源:https://stackoverflow.com/questions/39135012/spring-security-angular-2-cors-unable-to-redirect-facebook-signin