Closed SubhamKrGuptaDev closed 7 months ago
We had the same issue in our project. No matter what we try, our requests get always rejected because of CORS.
@SubhamKrGuptaDev I think you're missing the OPTIONS
method. With CORS, the browser sends a so-called preflight request. That's an OPTIONS
request.
Very similar observation(s) here at my end - Looks like globally defined CORS policy applies to dynamically specified routes (both in an application yaml file), where the same does not apply to our REST Controller(s) within the same application...
Only workaround so far that seems to work, is when I use the @CrossOrigin
annotation directly on Controller Class level, resp. as described here: https://www.baeldung.com/spring-webflux-cors.
So now I'm really not sure if there is a bug or if the observed behavior is by intention - was able to reproduce in both Spring Cloud release train 2022 and 2021.
The Issue is Version Version is 3.0 and the API gateway 3.0 version has some bugs if you want to use API Gateway then the below 3.0 versions are working fine you can try it once.
any news on this topic? I have the same problems
I have fixed it! Now it works !!!! Just copy it in order:
server:
port: 2620
address: 25.68.201.55
eureka:
client:
fetch-registry: true
register-with-eureka: true
service-url:
defaultZone: http://localhost:8761/eureka
spring:
application:
name: Api GateWay
cloud:
gateway:
globalcors:
add-to-simple-url-handler-mapping: true
corsConfigurations:
'[/**]':
allowedOrigins: "http://127.0.0.1:5500"
allowedHeaders:
- "Origin"
- "Content-Type"
- "Accept"
- "Authorization"
- "Referer"
allowedMethods:
- POST
- GET
- OPTIONS
routes:
- id: Customer Login
uri: http://localhost:8080
predicates:
- Path=/api/v1/auth/login
- id: Customer Registration
uri: http://localhost:8080
predicates:
- Path=/api/v1/auth/register
- id: Customer Google login
uri: http://localhost:8080
predicates:
- Path=/api/v1/auth/google/login
- id: Confirm email
uri: http://localhost:8081
predicates:
- Path=/confirm
default-filters:
- DedupeResponseHeader=Access-Control-Allow-Credentials Access-Control-Allow-Origin, RETAIN_FIRST
@n0rb33rt are you using latest spring-boot 3.2.0 and spring cloud 2023.0.0 with this working? What version was this successful with?
I also encounter same issue with the below setting. 7 months has passed, no engineer is assigned to look at this issue? Currently using spring boot 3.2.1
spring:
cloud:
gateway:
routes:
- id: multiplication
uri: http://localhost:8080/
predicates:
- Path=/challenges/**,/attempts,/attempts/**,/users/**
- id: gamification
uri: http://localhost:8081/
predicates:
- Path=/leaders
globalcors:
cors-configurations:
'[/**]':
allowedOrigins: "http://localhost:3000"
allowedHeaders: "*"
allowedMethods:
- "GET"
- "POST"
- "OPTIONS"
default-filters:
- DedupeResponseHeader=Access-Control-Allow-Origin Access-Control-Allow-Credentials, RETAIN_UNIQUE
I also notice that in 3.2.1, the starter is org.springframework.cloud:spring-cloud-starter-gateway-mvc In 3.1.7, it is org.springframework.cloud:spring-cloud-starter-gateway (without the -mvc)
Not sure if this difference is related to the CORS origin issue..
I faced the same issue, but as n0rb33rt mentioned the below configuration worked for me, add-to-simple-url-handler-mapping: true As also mentioned in Spring Doc
@hannah23280 It works with spring boot 3.2.1 Do not enable cors on your microservices. Just enable it on the gateway.
It looks like things have been resolved. Feel free to comment if not and we can reopen to discuss.
@hannah23280Funciona con Spring Boot 3.2.1. No habilite cors en sus microservicios. Simplemente habilitelo en la puerta de enlace. Ugh, thank you very much because I didn't see this post before, the official documentation was always a little correct, in my case I only did this and don't enable @crossorigin for any microservices
spring:
application:
name: servicio-api-gateway
cloud:
gateway:
globalcors:
add-to-simple-url-handler-mapping: true
corsConfigurations:
'[/**]':
allowedOrigins: "http://127.0.0.1:5501"
allowedHeaders: "*"
allowedMethods:
- POST
- GET
- OPTIONS
- PUT
- DELETE
server:
port: 10450
I have this configuration, it works great with all the methods but delete, what can I add to this to make it work with the delete method: spring: application: name: msvc-gateway cloud: gateway: globalcors: add-to-simple-url-handler-mapping: true cors-configurations: '[/*]': allowed-origins: "" allowedMethods:
is there anyone who says it is working does not share small code with us :)?
I tried using the configuration file method but it failed. However configuration via Bean works fine.
@Configuration
public class CorsConf extends CorsConfiguration {
@Bean
public CorsWebFilter corsFilter()
{
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials( true );
// config.setAllowedOrigins( List.of( "*" ) ) //Collections.singtonList(....);
config.setAllowedOriginPatterns(List.of( "*" ));
config.setAllowedMethods( List.of( "GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD" ) );
config.setAllowedHeaders( List.of( "origin", "content-type", "accept", "authorization", "cookie" ) );
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration( "/**", config );
return new CorsWebFilter(source);
}
I think this is a bug because I tried every solution that I get on the internet but it does not work. still CORS Origin policy error I'm getting
It always shows a CORS origin problem or 403 error but in Postman works perfectly.
If you know the solution please reply or else please fix this bug I think this is a bug or I'm going something wrong
application.yml file
AuthenticationFilter.java