angularjs - CORS problems with Spring-security -

-

i building app spring-boot (on http://localhost:8080) , angular (on http://localhost:80).

the frontend , backend code served 2 different servers. in order avoid cors problems, used put in place intermediate nginx server not satisfied solution anymore. hence, have allow cors.

i allowed cors globally lines : 

@configuration public class webmvcconfiguration extends webmvcconfigureradapter {       @override   public void addcorsmappings(corsregistry registry) {     registry.addmapping("/**")         .allowedorigins("http://localhost")         .allowcredentials(true)     ;   } }

this works every routes except authentication route handled spring security : 

public class securityconfiguration extends websecurityconfigureradapter {    @override   public void configure(httpsecurity http) throws exception {     http       .formlogin()       .successhandler(successhandler())       .failurehandler(failurehandler())     //[...]   }    private authenticationsuccesshandler successhandler() {     return (httpservletrequest, httpservletresponse, authentication) ->       httpservletresponse.setstatus(httpservletresponse.sc_ok);   }    private authenticationfailurehandler failurehandler() {     return (httpservletrequest, httpservletresponse, e) -> {        httpservletresponse.setstatus(httpservletresponse.sc_unauthorized);     }; }

here code sends request on frontend part : 

$http.post('http://localhost:8080/api/login', $.param({'username': username, 'password': password}),             {headers: {'content-type': 'application/x-www-form-urlencoded'}} ).then(function() {}) .catch(function(error) {};

if enter correct password, http response code (that can see in chrome console) 200 still reach catch block (with error.status = -1) , can see error message in console :

xmlhttprequest cannot load http://localhost:8080/api/login. no 'access-control-allow-origin' header present on requested resource. origin 'http://localhost' therefore not allowed access.

if enter wrong password reach catch block error message :

xmlhttprequest cannot load http://localhost:8080/api/login. no 'access-control-allow-origin' header present on requested resource. origin 'http://localhost' therefore not allowed access. response had http status code 401.

i notice cors response headers missing when call authentication endpoint.

any ideas?

edit : works if manually add headers in custom success handler. prefer if spring-security take account global cors configuration.

from experience you'll need include port number in cors, error message browser bit misleading.

you can verify inspecting network , check origin field of request headers. value in access-control-allow-origin of response headers must match including protocol , port.


Comments

Post a Comment

Popular posts from this blog

sql - invalid in the select list because it is not contained in either an aggregate function -

-
i can't figure out rewrite sql statement avoid error below msg 8120, level 16, state 1, line 26 column 'staffmember.staffmemberid' invalid in select list because not contained in either aggregate function or group clause. sql statment select (select [dbo].[udf_readstaffmemberbasic](sm.staffmemberid) xml path ('staffmembersummary'), root ('items'), type ), count(sm.staffmemberid) totalresults, ceiling(cast(count(sm.staffmemberid) decimal)/ @pagesize) totalpages staffmember sm inner join staffmembertoadditionalrole ar on sm.staffmemberid = ar.staffmemberid (sm.firstname '%' + @name + '%' or sm.surname '%' + @name + '%') , (@floorid null or sm.floorid = @floorid) , (@directorateid null or sm.directorateid = @directorateid) , (@additionalroleid null or ar.additionalroleid = @additionalroleid) order sm.staffmemberid offset @page * @pagesize rows fe...
Read more

Angularjs unit testing - ng-disabled not working when adding text to textarea -

-
i trying test angularjs component using karma, mocha, power-assert. have textarea , button in component, button disabled based on length of text in textarea. when run component in browser works perfectly. can't figure out how test functionality. here's bit of code. inquiryform.js function inquiryform($scope) { // plan add logic here } angular.module('myapp').component('inquiryform', { controller: inquiryform, controlleras: 'inquiryform', templateurl: 'inquiryform.html' }); inquiryform.html <div class="contact"> <div>thanks contacting us.</div> <form> <textarea ng-model="inquiryform.inquirytext" name=""></textarea> <input type="submit" value="send" ng-disabled="!inquiryform.inquirytext.length"> </form> </div> inquiryformtest.js describe('inquiry form ', () => { let $r...
Read more

How to start daemon on android by adb -

-
can me please, head swollen... i trying run daemon on android emu/device command: adb -s <device_name> shell su -c /dir/daemon <port_number> but nothink happens, , no errors! if do: adb -s <device> shell and form shell cmdline: su -c /dir/daemon <port_number> than work fine. try use shell-script , run: adb -s <device_name> shell sh su -c /dir/script.sh <port_number> and try generate script qt code port number , use: adb -s <device_name> shell sh su -c /dir/script.sh but not helped... problem if enter adb shell previous run daemon - work. problem on different device/emu/iso_image different command format not work. example: adb -s <device_name> shell su -c /dir/daemon <port_number> // work @ emu, not @ iso and vice: adb -s <device_name> shell su -c "/dir/daemon <port_number>" // work @ iso etc. everybody can answer what's matter? sorry english adb shell su -c ...
Read more