Is my allowedOrigins specified correctly?
spring:
cloud:
gateway:
default-filters:
args:
retries: 3
globalcors:
corsConfigurations:
'[/**]':
allowedOrigins: "*"
allowedMethods:
- GET
- POST
- PUT
- DELETE
- OPTIONS
I still get the error:
... blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
But I'm not sure where to go from here.
Edit: Client code is here:
export const restClient = (jwtToken = null) => {
const nonSecureOptions = {
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
},
};
const secureOptions = {
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Content-Encoding': 'application/json',
'Authorization': `Bearer ${jwtToken}`,
},
};
const getDefaultOptions = (jwtToken) => jwtToken ? secureOptions : nonSecureOptions;
return {
get: (url, options = {}) => axios.get(url, { ...getDefaultOptions(jwtToken), ...options }),
post: (url, data, options = {}) => axios.post(url, data, { ...getDefaultOptions(jwtToken), ...options }),
put: (url, data, options = {}) => axios.put(url, data, { ...getDefaultOptions(jwtToken), ...options }),
delete: (url, options = {}) => axios.delete(url, { ...getDefaultOptions(jwtToken), ...options })
};
};
and it's being called like
const response = await restClient(token).get(myurl)
Because
Authorization header (the one and only so-called non-wildcard request-header name) to your request , andapplication/json as the value of the Content-Type request header,you need to also explicitly allow those headers:
globalcors:
corsConfigurations:
'[/**]':
allowedOrigins: "*"
allowedMethods:
- GET
- POST
- PUT
- DELETE
- OPTIONS
allowedHeaders:
- Authorization
- Content-Type