Enable CORS in Spring Boot

Home

Tools

Blog

Questions

Profile

footer text

Enable CORS in Spring Boot - Vue

I am trying to enable api endpoints to make them reachable in my Vue application. I have tried set


@Configuration
@EnableWebSecurity
class SecurityConfig {

    companion object {
        private const val REGISTRATION_PATH = "/auth/register"
        private const val AUTHENTICATION_PATH = "/auth/login"
    }

    @Bean
    fun configure(
        http: HttpSecurity,
        delegatingAuthenticationEntryPoint: DelegatingAuthenticationEntryPoint
    ): SecurityFilterChain {
        http.cors()
        http.sessionManagement().sessionCreationPolicy(STATELESS)

        http.authorizeRequests()
            .antMatchers(REGISTRATION_PATH, AUTHENTICATION_PATH).permitAll()
            .anyRequest().authenticated()

        http.exceptionHandling()
            .authenticationEntryPoint(delegatingAuthenticationEntryPoint)

        return http.build()
    }

and in endpoints I tried CrossOrigins

   @CrossOrigin(origins = ["*"])
    @PostMapping("/auth/register")
    @ResponseStatus(CREATED)
    fun register(@RequestBody registrationRequest: RegistrationRequest) =
        authApiService.registerUser(registrationRequest)

But nothing seems to work. I have tried a lot of options from the previous topics but I keep getting CORS in my vue app. What else could be done?

Comments:

2023-01-19 23:20:08

Have you tried with a cors configuration source - docs.spring.io/spring-security/reference/servlet/integration‌s/…. For me this helped, but it is an angular + java project. Also you could disable csrf.

Answers(1) :

Try this approach. It helps me, but I wrote in java, I converted it to kotlin by intellij idea

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
class CorsFilter : Filter {
    @kotlin.Throws(IOException::class, ServletException::class)
    override fun doFilter(req: ServletRequest, res: ServletResponse, 
    chain: FilterChain) {
        val response = res as HttpServletResponse
        response.setHeader("Access-Control-Allow-Origin", "*")
        response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE, PATCH")
        response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, cache-control, x-requested-with")
        response.setHeader("Access-Control-Max-Age", "3600")
        if ("OPTIONS".equals((req as HttpServletRequest).method, ignoreCase = true)) {
            response.status = HttpServletResponse.SC_OK
        } else {
            chain.doFilter(req, res)
        }
    }

    override fun destroy() {
        //Not implemented
    }

    @kotlin.Throws(ServletException::class)
    override fun init(config: FilterConfig?) {
        //Not implemented
    }
}

Questions & Answers