Search code examples
springrestspring-boothttp-headershttpwebresponse

Empty HTTP response headers in browser but filled in POSTMAN


I've created a Spring Boot back end with a React front end.

That doesn't make sense to me.

Code: https://github.com/The-Taskmanager/SelfServiceWebwizard

Back end Mapping

@PostMapping("/signin")

public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {

    Authentication authentication = authenticationManager.authenticate(
            new UsernamePasswordAuthenticationToken(
                    loginRequest.getUsernameOrEmail(),
                    loginRequest.getPassword()
            )
    );

    SecurityContextHolder.getContext().setAuthentication(authentication);

    String jwt = tokenProvider.generateToken(authentication);
    HttpHeaders headers = new HttpHeaders();
    headers.add("Mustermann", "Max");
    headers.add("Content-Type", "application/json");
    headers.add("Authorization", new JwtAuthenticationResponse(jwt).getAccessToken());
    return ResponseEntity.ok().headers(headers).body(new JwtAuthenticationResponse(jwt));

}

Front end request

login(username: string, password: string) {

    fetch('http://localhost:8080/api/auth/signin', {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json'
        },
        body: JSON.stringify({
            "usernameOrEmail": username,
            "password": password
        })
    }).then(response => {
        console.log(response);
        console.log(response.text());
        console.log(response.headers);
    })
        .catch(error => console.error(error));
}

UPDATE1: Added this method but headers in browser still empty:

CorsConfigurationSource corsConfigurationSource() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration().applyPermitDefaultValues();
    source.registerCorsConfiguration("/**", config);
    return source;
}

UPDATE2:

When I request with React, Spring Boot shows me this ERROR:

ERROR 8876 --- [nio-8080-exec-4] c.s.jwt.JwtAuthenticationEntryPoint:  Responding with unauthorized error. Message - full authentication is required to access this resource

Browser console:

browser console

When I request with Postman, Spring Boot shows no ERROR.

UPDATE3:

Request-header send by React:

{
host=[localhost:8080],
content-type=[application/json],
cache-control=[no-cache],
user-agent=[Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0],
accept-encoding=[gzip, deflate],
content-length=[58],
referer=[http://localhost:8080/],
origin=[http://localhost:8080],
dnt=[1],
connection=[keep-alive],
accept-language=[de,en-US;q=0.7,en;q=0.3],
accept=[*/*]
}

Request-header send by POSTMAN from POSTMAN console:

host:"localhost:8080"
content-type:"application/json"
cache-control:"no-cache"
user-agent:"PostmanRuntime/7.1.5"
accept-encoding:"gzip, deflate"
content-length:68
postman-token:"b00fd7a8-bd34-4a32-8681-990b04012e3b"
cookie:"JSESSIONID=2CAEC9280432DD13AABA53B73B7874AC"
accept:"*/*"

Solution

  • Solved by myself.

    Changed code in front end's fetch method

    console.log(response.headers)
    
    // changed to:
    
    console.log(response.headers.get('Authorization')
    

    So the headers were there all the time but I couldn't manage to log them in browser console with React.

    Nevertheless there is the Spring Boot (full authentication) and Browser (401) error in UPDATE2. Don't know where this is coming from.