angularspring-bootcorspreflight
401 response for CORS preflight OPTIONS request to springboot server
Cross domain request from my angular app to a spring boot backend is blocked by CORS, only with POST, PUT. GET is allowed and working as expected.
Here is my config ..
Backend :
cors filter -
@Configuration
public class CORSConfiguration {
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setAllowedOrigins(Arrays.asList("http://localhost:4200"));
corsConfiguration.setAllowedMethods(Arrays.asList("PUT", "POST", "GET", "DELETE", "OPTIONS"));
corsConfiguration.setAllowedHeaders(Arrays.asList("Origin", "X-Requested-With", "X-Requested-By",
"Content-Type", "Accept", "Authorization"));
source.registerCorsConfiguration("/**", corsConfiguration);
return new CorsFilter(source);
}
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.cors().and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers("/*").authenticated().and()
.jee().mappableAuthorities("xxxxxxx");
}
}
ng :
public postIT(payload: Data): Observable<Data> {
return this.http.post<Data>(url, payload) , {
withCredentials: true
});
}
Errors :
What am I leaving out here? Please let me know.
Solution
The mistake I did was in the web.xml, in which OPTIONS was included in the <security-constraint> element.
Removed it from here and with the rest of the config as is, I no longer see the issue.
- How to remove script tags in index.html from Angular Component
- How to exclude an element from view transitions?
- How to disable selection of cells in ag-grid?
- How to use ngCspNonce in Angular
- base64 file to be downloaded in capacitor iOS and Android
- How to validate that 2 folders on the same level cannot have the same name in a recursive Angular form array
- How to setup TailwindCSS in Angular 11.2.0 or lower
- How to patch form array in typed angular reactive forms
- Getting error "NullInjectorError: No provider for SignalStore!" when attempting to unit test ng/rx Signal store
- Narrowing a union of strictly typed forms in Angular
- How to use ng-template across different components
- How can I use "*ngIf else"?
- Is it possible to adjust mat-form-field-outline thickness?
- error attempting to use convert-tslint-to-eslint
- Angular focus on input while clicking an element
- Ionic Capacitor hardware back button is automatically closing the app
- Change default expansion panel arrow colour for angular material
- Test Observable with fakeAsync, delay and tick using Jasmine
- Submit event of Angular Reactive Form inside modal bootstrap not working -
- Can't bind to 'pTooltip' since it isn't a known property of 'button' in angular PrimeNG
- Error: EACCES: permission denied, mkdir '/usr/local/lib/node_modules/node-sass/build'
- How to use provideHttpClient with route-specific interceptors in Angular?
- types/ws Type 'Server' is not generic
- Deploy Angular 17 with SSR on IIS Server
- Google Pay Button Disable on Condition
- Use of "this" to reference an element from inside it worked in Angular 18, fails in 19
- 3rd party cookies in Android 14/New Chrome using Angular/Firebase Auth/Hosting and NodeJs in Server
- Angular CDK Dialog is not rendering as a static/Fixed/Absolute layout
- Debouncing a search term when using the new Angular Resource API?
- How do I get the id of a form input element for a label in a reusable Angular component template?