Spring boot app return Access to XMLHttpRequest at “myURL” has been blocked by CORS policy

问题

i'm stuck with this issue: i use a spring boot app in backend and angular app for the front, the issue is when i call a specific rest url in the backend that uses a jar dependency that i have added to the backend as maven system scope dependency i get a cors error. All other backend urls are working fine

here is how i included the jar dependency for the backend:

    <dependency>
        <groupId>com.ex</groupId>
        <artifactId>lib</artifactId>
        <version>1.0</version>
        <scope>system</scope>
        <systemPath>${project.basedir}/src/main/resources/Utils.jar</systemPath>
    </dependency>

note also that i'm using a Zuul dispatcher between the front and the backend and that i did this config in the backend

@Component

public class CorsFilter extends OncePerRequestFilter {

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
    response.setHeader("Access-Control-Max-Age", "3600"); 
    response.setHeader("Access-Control-Allow-Headers", "authorization, content-type, xsrf-token, Content-Range, Content-Disposition, Content-Description, GAuth");
    response.addHeader("Access-Control-Expose-Headers", "xsrf-token");
    if ("OPTIONS".equals(request.getMethod())) {
        response.setStatus(HttpServletResponse.SC_OK);
    } else {
        filterChain.doFilter(request, response);
    } 
}

}

any help will be highly appreciated, thanks

回答1:

Firstly, you need add @CrossOrigin annotation in your controller. Than here is correct configuration from documentation:

@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurer() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {

            registry.addMapping("/**")
                    .allowedOrigins("*")
                    .allowedMethods("*")
                    .allowedHeaders("*");

        }
    };
}

You can configure it your own way.

Secondly, if you are using SpringSecurity you need add .cors() to your configuration.

Example:

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors().and()
                .csrf().disable()
                .authorizeRequests()
                .anyRequest().permitAll()
                .and().httpBasic();
    }

来源：https://stackoverflow.com/questions/63291025/spring-boot-app-return-access-to-xmlhttprequest-at-myurl-has-been-blocked-by-c