Spring Boot CORS filter – CORS preflight channel did not succeed

by

I have fixed this issue by creating a new CORS Filter:

@Component
public class CorsFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "authorization, content-type, xsrf-token");
        response.addHeader("Access-Control-Expose-Headers", "xsrf-token");
        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else { 
            filterChain.doFilter(request, response);
        }
    }
}

and added it to securty configuration:

.addFilterBefore(new CorsFilter(), ChannelProcessingFilter.class)

UPDATED – More modern way nowadays which I switched to:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .cors()
        .and()

        ...
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
        configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
        configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

}

More Related Contents:

  1. Spring Boot Security CORS
  2. How to configure CORS in a Spring Boot + Spring Security application?
  3. Filter invoke twice when register as Spring bean
  4. Spring Boot not serving static content
  5. Handle spring security authentication exceptions with @ExceptionHandler
  6. CORS allowed-origin restrictions aren’t causing the server to reject requests
  7. ApplicationContextException: Unable to start ServletWebServerApplicationContext due to missing ServletWebServerFactory bean
  8. Disable Spring Security for OPTIONS Http Method
  9. How do I get the Session Object in Spring?
  10. Spring Security exclude url patterns in security annotation configurartion
  11. Spring Security 3.2 CSRF support for multipart requests
  12. Spring catch all route for index.html
  13. automatically add header to every response
  14. HttpSecurity, WebSecurity and AuthenticationManagerBuilder
  15. Spring Security configuration: HTTP 403 error
  16. Prevent Spring Boot from registering a servlet filter
  17. How to get custom user info from OAuth2 authorization server /user endpoint
  18. How to use LocalDateTime RequestParam in Spring? I get “Failed to convert String to LocalDateTime”
  19. getting exception: No bean named ‘springSecurityFilterChain’ is defined
  20. Spring Security: mapping OAuth2 claims with roles to secure Resource Server endpoints
  21. How to use multiple login pages one for admin and the other one for user
  22. Spring Security 3.2 CSRF disable for specific URLs
  23. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  24. Configure Multiple MongoDB repositories with Spring Data Mongo
  25. CSS not loading in Spring Boot
  26. With Spring Security 3.2.0.RELEASE, how can I get the CSRF token in a page that is purely HTML with no tag libs
  27. How to allow a User only access their own data in Spring Boot / Spring Security?
  28. Spring – How to stream large multipart file uploads to database without storing on local file system [duplicate]
  29. Spring security 4 custom login j_spring_security_check return http 302
  30. Configure spring boot to redirect 404 to a single page app [duplicate]

Leave a Comment