Iam getting this issue
Access to XMLHttpRequest at 'http://localhost:8082/v1/store/getstore' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
My config in application.yaml is
grails:
cors:
enabled: true
allowedOrigins:
- http://localhost:4200
and in url mapping
"/v1/store/getStore"(controller: 'store', action: 'getStore')
when i directly hit request as "http://localhost:8082/store/getstore" its not throwing error but after placing in urlMapping its throwing cors issue.
create proxy.conf.json file at root folder and edit the below:
{
"/": {
"target": "http://localhost:8082/",
"secure": false
}
}
change the package json command for start:
"start": "ng serve --proxy-config proxy.conf.json --open",
use the URL mapping as same "/v1/store/getStore"(controller: 'store', action: 'getStore')
Related
I want spring cloud gateway to redirect a request received at "/fetchRoute" to a service api running at "http://localhost:9090/getRoutes".
My application.yml file looks like this:
server:
port: 8080
spring:
cloud:
gateway:
routes:
- id : Routes
uri: http://localhost:9090/getRoutes
predicates:
- Path=/fetchRoute
When I hit "http://localhost:8080/fetchRoute" (Gateway service is running on localhost:8080) from postman I am getting the following error
{
"timestamp": "2022-07-20T12:56:34.802+00:00",
"status": 404,
"error": "Not Found",
"path": "/fetchRoute"
}
I tried hitting "http://localhost:9090/getRoutes" directly and it's working properly so it's not an issue with the service
So I have already implemented a spring boot JAVA application as a server and angular as a frontend. So actually, everything works pretty well when I run those locally.
But when I build the Docker images for both and try to test them as containers, I'm facing a CORS error.
since I'm using the JWT token as security, I have disabled the crsf and default spring security token. so here you can see the JAVA configuration for the CORS;
private String url = "http://10.1.2.37:4200";
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().cors().configurationSource(new CorsConfigurationSource() {
#Override
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOrigins(Collections.singletonList(url));
config.setAllowedMethods(Collections.singletonList("*"));
config.setAllowCredentials(true);
config.setAllowedHeaders(Collections.singletonList("*"));
config.setExposedHeaders(Arrays.asList("Authorization"));
config.setMaxAge(1200L);
return config;
}}).and()
.authorizeRequests()
.antMatchers("/user").authenticated()
.antMatchers(HttpMethod.GET, "/user").authenticated()
.and().csrf().disable()
.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthenticationConverter);
http.headers().frameOptions().sameOrigin();
and this is the nginx.conf
events{}
http {
include /etc/nginx/mime.types;
server {
listen 80;
server_name 10.1.2.37;
root /usr/share/nginx/html;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
}
even if when I try to run those Docker images in the same network by using --network flag, it's not solved.
how do I run the docker images?
for the angular part;
docker run --network "project" --name project_frontend -d -p 4200:80 project_front_end
for the backend;
docker run --network "project" -d --name project_backend -p 8080:80 project_backend
both of them are up and running. but the thing is when I open the browser to test is I'm getting;
Access to XMLHttpRequest at 'http://10.1.2.37:8080/menu' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I'm about to lose my mind. really.
Any help will be appreciated. I'm asking here to understand why this is happening.
You've configured the wrong allowed origin.
Origin has a specific meaning:
The Origin request header indicates the origin (scheme, hostname, and port) that caused the request. For example, if a user agent needs to request resources included in a page, or fetched by scripts that it executes, then the origin of the page may be included in the request.
This effectively means that the configured allowed origin must match the URL that appears in the browser when the request is made. You configured the allowed origin to be your nginx IP, but you are not accessing your frontend through your nginx IP, you're accessing it through http://localhost:4200 as indicated by the error message.
Change your allowed origin to reflect that:
private String url = "http://localhost:4200";
Note that when Spring Security receives an Origin which has not been allowed, it refuses the request with a 403 and does not add any Access-Control-* headers, hence your last error message.
Additionally, you may wish to lower the log level of org.springframework.web.cors.DefaultCorsProcessor to DEBUG for it to log errors when it sees a disallowed origin for debugging purposes.
i'm using keycloak (v. 10) for make authentication for existing spring (no boot library) application. I'am using the java-adapter from keycloak documentation i added the suggested configuration on my spring security config.
This is my keycloak.json file:
{
"realm": "cnp-server",
"auth-server-url": "http://localhost:8081/auth/",
"ssl-required": "external",
"resource": "cnpserver-client",
"public-client": true,
"confidential-port": 0
}
On this screen the configuration of keycloak client (is running on docker):
When i try to access to application, the browser make a redirection to:
http://localhost:8081/auth/realms/cnp-server/protocol/openid-connect/auth?response_type=code&client_id=cnpserver-client&redirect_uri=http%3A%2F%2Flocalhost%3A8088%2Fcnp_server_web_war%2Fsso%2Flogin&state=73ee7ebe-1949-4e94-9349-f3760f37bb4a&login=true&scope=openid
When i key the access credentials on prompt box, somethings going wrong; on Keycloak log:
WARN [org.keycloak.events] (default task-63) type=CODE_TO_TOKEN_ERROR, realmId=cnp-server, clientId=cnpserver-client, userId=null, ipAddress=192.168.32.1, error=invalid_code, grant_type=authorization_code, code_id=7972a766-f9be-4907-85a7-69e6d5d50cbf, client_auth_method=client-secret
On spring application log:
ERROR org.keycloak.adapters.OAuthRequestAuthenticator [OAuthRequestAuthenticator.java:337] - failed to turn code into token
ERROR org.keycloak.adapters.OAuthRequestAuthenticator [OAuthRequestAuthenticator.java:338] - status from server: 400
ERROR org.keycloak.adapters.OAuthRequestAuthenticator [OAuthRequestAuthenticator.java:340] - {"error":"invalid_grant","error_description":"Code not valid"}
It's seems similar to this topic, but i don't make any personal configuration on redirect-uri (and i don't know how i can change that).
Thanks
Micronaut is used in one of my projects. I am enabling JWT security feature of micronaut with built in login, logout controllers. But when I hit /login endpoint, it gives me below error:
Access to XMLHttpRequest at 'micronaut-login-endpoint' from origin 'front-end-enpdpoint' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Snippet from application.yml:
micronaut:
application:
name: app-name
server:
port: *port*
cors:
enabled: true
configurations:
web:
allowedOrigins:
- *front-end-enpdpoint*
allowedHeaders:
- Content-Type
allowedMethods:
- POST
- GET
- OPTIONS
security:
enabled: true
endpoints:
login:
enabled: true
logout:
enabled: true
oauth:
enabled: true
token:
enabled: true
jwt:
enabled: true
Can someone help me with this issue?
Can someone from the micronaut core community like #Jeff-Scott-Brown please help me?
I recently faced this issue and I was able to tackle this using this issue thread.
So, following this mdn CORS article. I found out there are two types of CORS requests, simple and preflighted. In case of auth the Authorization header is modified which requires preflighted requests. In preflighted, an http OPTIONS(http method) request is made to the server to confirm its identity. Now micronaut does not have an options end point which can be tackle by just creating the OPTIONS controller as mentioned in the github issue.
I've set up oauth server using org.springframework.security.oauth:spring-security-oauth2:2.0.5.RELEASE lib.
And I can't use password grant to authenticate client with resource owner credentials.
I use RFC 6749 - 4.3. Resource Owner Password Credentials Grant - scenario.
Sending similar request:
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=johndoe&password=A3ddj3w
I get
HTTP/1.1 405 Method Not Allowed
This endpoint is not mapped.
Is it spring oauth2 issue?