CORS configuration not working in Spring Cloud Gateway
Accessing API from browser (a jQuery script) is getting blocked. Here is the error message I am getting:
Access to XMLHttpRequest at 'http://localhost:8765/conversion/convert' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
My jQuery script in a HTML file:
$.ajax({
type: 'POST',
url: 'http://localhost:8765/conversion/convert',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer MY_JWT_TOKEN'
},
data: JSON.stringify({
id: 1,
from: 'usd',
to: 'bdt',
quantity: 100
}),
success: function(data) {
console.log(data);
},
error: function(error) {
console.error(error);
}
});
Maven Dependencies and Versions:
- spring-cloud-gateway: 2022.0.4
- spring-cloud-starter-gateway: 3.1.6
- spring-boot-starter-oauth2-resource-server: 3.1.6
- spring-cloud-starter-netflix-eureka-client
I have configured OAuth2 (Keycloak) with my API gateway and used CORS (globalcors) config in my Gateway service config file (yml) as directed on official Spring Cloud page. I also tried all the different approaches from internet, nothing seems working.
spring:
security:
oauth2:
resourceserver:
jwt:
issuer-ui: http://localhost:9000/realms/Microservices-demo-realm
jws-algorithm: RS256
cloud:
gateway:
globalcors:
cors-configurations:
'[/**]':
allowedOrigins: "*"
allowedMethods: "*"
allowedHeaders: "*"
default-filters:
- DedupeResponseHeader=Access-Control-Allow-Credentials Access-Control-Allow-Origin RETAIN_UNIQUE
- name: TokenRelay
routes:
- id: conversion-service
uri: lb://currency-conversion
predicates:
- Path=/conversion/**
Here is the Google Chrome Network Console:
I have also tried from a tiny ReactJS app and CORS are being block from there as well. Here is a screenshot:
Please help!
A simple way to avoid CORS errors without the need for CORS configuration is to have same origin (serve your website through the gateway too, not only the API).
gateway-uri: http://localhost:7080
ui-uri: http://localhost:4200
rest-api-service-uri: http://localhost:6080
spring:
cloud:
gateway:
default-filters:
- DedupeResponseHeader=Access-Control-Allow-Credentials Access-Control-Allow-Origin
routes:
# Redirection from / to /ui/
- id: home
uri: ${gateway-uri}
predicates:
- Path=/
filters:
- RedirectTo=301,${gateway-uri}/ui/
# Serve a SPA through the gateway (requires it to have a baseHref set as /ui)
- id: ui
uri: ${ui-uri}
predicates:
- Path=/ui/**
# Access the API with BFF pattern
- id: bff
uri: ${rest-api-service-uri}
predicates:
- Path=/bff/v1/**
filters:
- TokenRelay=
- SaveSession
- StripPrefix=2
With
- this routes definitions
- gateway running on port 7080
- REST API running on 6080
- SPA hosted on let's say 4200
I can:
- access the SPA assets from
http://localhost:7080/ui/*(request are routed tohttp://localhost:4200/ui/*) - send REST requests to
http://localhost:7080/bff/v1/*(request are routed tohttp://localhost:6080/*, the/bff/v1prefix being stripped)
So with this setup, from the browser perspective, all network exchanges are made with http://localhost:7080 => no cross origin
P.S.
This is not the question, but configuring a gateway as a resource server is a bad idea, specially when it is queried by some Javascript code running in browsers.
It would better be configured as a client with oauth2Login() and the TokenRelay= filter. The REST APIs behind the gateway would then be candidates for oauth2ResourceServer() configuration. I posted a tutorial for that on Baeldung.
- Spring JPA: Providing Schema Name Dynamically
- Spring SecurityContext not available when using parallelStream
- How to tell Spring Boot to use another DB for test?
- How to use abstract classes in Spring Boot?
- Query in jsonb (JSON array) column with JPA native query
- What determines spring boots bean registration order for auto configurations?
- Disabling Basic Auth in Spring Boot 3
- How to access in memory h2 database of one spring boot application from another spring boot application
- Module not found if graalpy is packaged in Spring Boot Jar
- stream is closed and Could not find acceptable representation error
- Liquibase cannot find changelog file
- Maven Plugin not found in IntelliJ IDE
- SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder
- Spring Cloud Stream Kafka consumer in batch mode is not retrying
- High memory usage in JVM level - org.springframework.boot.actuate.autoconfigure.metrics.AutoConfiguredCompositeMeterRegistry
- Glassfish uses internal module library instead of application library
- How to use variables in graphql query via dgs java graphql client?
- Include .ttf font into pdf generated with Flying Saucer and Spring-Boot
- Spring - checking path variable for null at controller
- Implement Spring Security with multiple overlapping AuthenticationProvider
- SpringSecurity CSRF protection
- Async methods throws "Implementation of JAXB-API has not been found on module path or classpath"
- Calling a service name using RestClient, HttpInterfaces and Eureka
- Spring Boot YAML configuration for a list of strings
- H2 not creating/updating table in my Spring Boot app. Something's wrong with my Entity?
- How to disable Spring Cloud Kubernetes in a Maven build
- Repository bean defined in @EnableJpaRepositories declared on Application, could not be registered. A bean with that name has already been defined
- How to publish pact verification result to pact broker in gradle?
- maven-shade-plugin - Cannot find 'resource' in class org.apache.maven.plugins.shade.resource.ManifestResourceTransformer
- InvalidDefinitionException No serializer found in java for generic class