Spring Security CORS Filter: Troubleshooting "No 'Access-Control-Allow-Origin' Header is Present"
Explanation
Adding Spring Security to an existing project can trigger a "No 'Access-Control-Allow-Origin' header is present" error during Cross-Origin Resource Sharing (CORS) requests. This error occurs because the Access-Control-Allow-Origin response header is not added to requests.
Solution
Method 1:
Update your code to use Spring Security's built-in CORS support. Add the following configuration to your application:
<code class="java">@Configuration public class WebConfig extends WebMvcConfigurerAdapter { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH"); } }</code>
Method 2:
If you want more control over CORS configuration, use the following approach:
<code class="java">@Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.cors(); } @Bean public CorsConfigurationSource corsConfigurationSource() { final CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(ImmutableList.of("*")); configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH")); configuration.setAllowCredentials(true); configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type")); final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); return source; } }</code>
Additional Notes:
The above is the detailed content of Why Am I Getting a \"No \'Access-Control-Allow-Origin\' Header is Present\" Error After Adding Spring Security?. For more information, please follow other related articles on the PHP Chinese website!