CORS problem in API Gateway using Springboot consumed by Angular

Question

I have CORS Config problem using my API Gateway in Springboot. What I'm trying to do is to consume the methods from my microservices through the API Gateway. Here's the error in angular : API Gateway code :

@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity serverHttpSecurity) {
        return serverHttpSecurity.csrf(ServerHttpSecurity.CsrfSpec::disable)
                .authorizeExchange(exchange -> exchange.pathMatchers("/eureka/**","/users/add-user")
                        .permitAll()
                        .anyExchange().authenticated()
                )


        .oauth2ResourceServer((oauth) -> oauth
                        .jwt(Customizer.withDefaults()))
                .build();
    }
}

And one more question, should I only implment the CORS config once in the API Gateway only ? Or should I implement it in every used microservice ?

I tried to consume microservices methods in Angular throught the API Gateway.

Answer 1

I am assuming you route all your requests via Gateway microservice. If that is the case, you might want to create a GlobalCorsConfig on your gateway microservice. I will be posting an example below. Please, modify this to meet up with your specific requirements.

@Configuration
public class GlobalCorsConfig {
    @Bean
    public CorsWebFilter corsWebFilter() {
        CorsConfiguration corsConfig = new CorsConfiguration();
        corsConfig.setAllowedOriginPatterns(List.of("/**"));
        corsConfig.setAllowedMethods(List.of("PUT", "GET", "POST", "DELETE", "OPTIONS"));
        corsConfig.setAllowedHeaders(List.of("Content-Type: Application/json", "Authorization"));
        corsConfig.setAllowCredentials(true);
        corsConfig.setMaxAge(3600L);
        return new CorsWebFilter(exchange -> corsConfig);
    }
}