CORS Issue - Githubissues

Hi. Rossen. I found your name in spring framework class org.springframework.web.cors.reactive.DefaultCorsProcessor.java

This is probably not the right place that i should post my issue. but i don't know how to find your email address. I am currently having some CORS issue with spring cloud gateway.

This is message that i got from inspect Access to XMLHttpRequest at 'https://intra.ws.dev.bil.css.gov.on.ca/api/common/security/sams/userprofile' from origin 'https://eap.apps.uat.cf.az.cihs.gov.on.ca' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

response header is showing as below . not sure "where Access-Control-Allow-Origin: " came from. Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-TOKEN Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Allow-Origin: Access-Control-Max-Age: 3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 46 Content-Type: application/json Date: Sat, 29 Aug 2020 00:25:27 GMT Expires: 0 Pragma: no-cache Strict-Transport-Security: max-age=31536000 ; includeSubDomains Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Vary: Origin X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Vcap-Request-Id: d95e0aba-8645-43a0-67a0-54d405a7d6fa X-Xss-Protection: 1; mode=block This is my configuration in spring cloud gateway. spring: cloud: gateway: globalcors: add-to-simple-url-handler-mapping: true corsConfigurations: '[/**]': allowedOrigins: "https://eap.apps.uat.cf.az.cihs.gov.on.ca"

do you have any idea? thanks. Kelly

rstoyanchev / spring-websocket-portfolio

CORS Issue #81