Open gyulakiraly opened 1 year ago
I added the annotation @CrossOrigin to all 4 rest controllers in src/main/java/com/odazie/todolistapi/webRestControllers/

And then modified src/main/java/com/odazie/todolistapi/security/WebSecurity.java:

```java
http.cors().and().csrf().disable().authorizeRequests()
        .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
        .antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/security", "/swagger-ui.html", "/webjars/**").permitAll()
        .anyRequest().authenticated()
        .and()
        .addFilter(new JWTAuthenticationFilter(authenticationManager()))
        .addFilter(new JWTAuthorizationFilter(authenticationManager()))
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .cors().configurationSource(request -> {
            CorsConfiguration corsConfig = new CorsConfiguration();
            corsConfig.applyPermitDefaultValues();
            corsConfig.addExposedHeader("Authorization"); // Add the header to be exposed
            return corsConfig;
        });
```

Not sure that the annotation is required. I did that first, it didn't work by itself.
Hey there, I found your API, and I would like to use it for a tutorial session. My problem is that when we make a login call with axios, we can't access the 'Authorization' header in the response to save the token in Local Storage. Can you please check your CORS setup so that it allows us to access the header prop?
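
Why the `addExposedHeader("Authorization")` line makes the token readable from axios, as an added example that is not part of the original posts or the project's code: a simplified model of how a browser filters cross-origin response headers (the CORS safelist plus `Access-Control-Expose-Headers`). The function names and both sample responses are constructed for illustration.

```javascript
// Simplified model of the Fetch standard's CORS response-header filtering.

// CORS-safelisted response header names: always readable by script.
const SAFELISTED = new Set([
  "cache-control", "content-language", "content-length",
  "content-type", "expires", "last-modified", "pragma",
]);
// Forbidden response header names: never readable by script.
const FORBIDDEN = new Set(["set-cookie", "set-cookie2"]);

function parseExposeHeaders(value) {
  return new Set(
    (value || "").split(",").map((h) => h.trim().toLowerCase()).filter(Boolean)
  );
}

// responseHeaders: plain object, header name -> value (constructed input).
// withCredentials: true when the request used credentials mode "include";
// in that mode "*" is a literal header name, not a wildcard.
function readableHeaders(responseHeaders, withCredentials = false) {
  const lower = Object.fromEntries(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v])
  );
  const exposed = parseExposeHeaders(lower["access-control-expose-headers"]);
  const wildcard = exposed.has("*") && !withCredentials;
  const visible = {};
  for (const [name, value] of Object.entries(lower)) {
    if (FORBIDDEN.has(name)) continue;
    if (SAFELISTED.has(name) || wildcard || exposed.has(name)) {
      visible[name] = value;
    }
  }
  return visible;
}

// Constructed login responses: without and with the exposed header.
const before = {
  "Content-Type": "application/json",
  "Authorization": "Bearer <token-placeholder>",
  "Access-Control-Allow-Origin": "*",
};
const after = { ...before, "Access-Control-Expose-Headers": "Authorization" };

console.log(readableHeaders(before)); // Authorization is filtered out
console.log(readableHeaders(after));  // Authorization is now visible
```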