sjohnr / springone-2021

Spring Security 5.5 From Taxi To Takeoff
https://springone.io/2021/sessions/spring-security-5-5

If I release the page and static resources, I get the following error #7

Closed lylJson closed 2 years ago

lylJson commented 2 years ago

I changed the configuration of flights-web a bit like this:

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        // @formatter:off
        http
                .authorizeExchange(authorizeExchangeSpec -> authorizeExchangeSpec
                        .pathMatchers("/app/**", "/*.*.js", "/*.*.css", "/assets/**")
                        .permitAll())
                .authorizeExchange((authorize) -> authorize
                        .anyExchange().authenticated()
                )
                .oauth2Login(Customizer.withDefaults())
                .csrf((csrf) -> csrf
                        .csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())
                );
        // @formatter:on
        return http.build();
    }

Then I got the following result: [screenshot: Capture 2]

Maybe when the page wants to use ajax to call the interface, it gets a 302, but ajax can't handle 302 efficiently.

marcusdacoregio commented 2 years ago

Hi @lylJson, it seems that your problem is a CORS error actually, can you double-check that? Also, if you provide a reproducible sample it'd be easier to simulate here and confirm the issue.

lylJson commented 2 years ago

@marcusdacoregio thanks for the reply. Here is my modified project: https://github.com/lylJson/springone-2021.git

Start the project and visit http://127.0.0.1:8000/app/flights

Sometimes we need to release some static pages without authentication, such as the home page, so I modified com.example.web.SecurityConfiguration.

sjohnr commented 2 years ago

Hi @lylJson, it looks as though you have included a second authorizeExchange block. This is incorrect, and you would want to include the rules of both blocks in the same block.

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        // @formatter:off
        http
                // Single authorizeExchange block: public static paths first, then everything else
                .authorizeExchange((authorize) -> authorize
                        .pathMatchers("/app/**", "/*.*.js", "/*.*.css", "/assets/**").permitAll()
                        .anyExchange().authenticated()
                )
                .oauth2Login(Customizer.withDefaults())
                .csrf((csrf) -> csrf
                        .csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())
                );
        // @formatter:on
        return http.build();
    }