CORS issue with spring cloud gateway #1922

Closed
kxying-kk opened this issue Aug 29, 2020 · 4 comments

@kxying-kk

This is my configuration in Spring Cloud Gateway, but it does not seem to work:

```yaml
spring:
  cloud:
    gateway:
      globalcors:
        add-to-simple-url-handler-mapping: true
        corsConfigurations:
          '[/**]':
            allowedOrigins: "https://eap.apps.uat.cf.az.cihs.gov.on.ca"
            allowedHeaders: "*"
            allow-credentials: true
```

This is the message that I got from inspect:

```
Access to XMLHttpRequest at 'https://intra.ws.dev.bil.css.gov.on.ca/api/common/security/sams/userprofile' from origin 'https://eap.apps.uat.cf.az.cihs.gov.on.ca' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
```

These are the response headers from inspect. Not sure where "Access-Control-Allow-Origin: *" came from.

```
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-TOKEN
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3600
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 46
Content-Type: application/json
Date: Sat, 29 Aug 2020 00:25:27 GMT
Expires: 0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vcap-Request-Id: d95e0aba-8645-43a0-67a0-54d405a7d6fa
X-Xss-Protection: 1; mode=block
```

Thanks
Kelly
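
Added example, not part of the original issue or of Spring Cloud Gateway: the browser-side CORS check from the Fetch standard, run against the CORS headers reported above, showing why `Access-Control-Allow-Origin: *` is rejected once `withCredentials` is set. It goes beyond the reported case by also covering a duplicated header; the function names are illustrative and the `echoed` and `doubled` header lists are constructed.

```javascript
// Added example (not from the issue): the Fetch standard's CORS check.
// Header lists are [name, value] pairs so repeated headers survive.

// Combine all values of a header the way Fetch's "get" does (joined with ", ").
function getHeader(headers, name) {
  const values = headers
    .filter(([n]) => n.toLowerCase() === name.toLowerCase())
    .map(([, v]) => v.trim());
  return values.length ? values.join(", ") : null;
}

// Returns { ok, reason } for a cross-origin request from `origin`.
function corsCheck(headers, origin, credentialsMode) {
  const allowOrigin = getHeader(headers, "Access-Control-Allow-Origin");
  if (allowOrigin === null) {
    return { ok: false, reason: "no Access-Control-Allow-Origin header" };
  }
  const withCredentials = credentialsMode === "include";
  if (allowOrigin === "*") {
    return withCredentials
      ? { ok: false, reason: "wildcard origin with credentials mode 'include'" }
      : { ok: true, reason: "wildcard origin, no credentials" };
  }
  if (allowOrigin !== origin) {
    // Also catches two layers each adding the header: "a, b" never matches.
    return { ok: false, reason: `origin mismatch: ${allowOrigin}` };
  }
  if (!withCredentials) return { ok: true, reason: "origin matches" };
  return getHeader(headers, "Access-Control-Allow-Credentials") === "true"
    ? { ok: true, reason: "origin matches, credentials allowed" }
    : { ok: false, reason: "Access-Control-Allow-Credentials is not 'true'" };
}

const ORIGIN = "https://eap.apps.uat.cf.az.cihs.gov.on.ca";
// CORS-relevant headers copied from the response in the report.
const reported = [
  ["Access-Control-Allow-Credentials", "true"],
  ["Access-Control-Allow-Origin", "*"],
];
// Constructed: a response that echoes the configured origin.
const echoed = [
  ["Access-Control-Allow-Credentials", "true"],
  ["Access-Control-Allow-Origin", ORIGIN],
];
// Constructed: a second layer also adding the header.
const doubled = [...echoed, ["Access-Control-Allow-Origin", "*"]];

for (const [label, h] of Object.entries({ reported, echoed, doubled })) {
  console.log(label, corsCheck(h, ORIGIN, "include"));
}
```

Only the `echoed` response passes with credentials; the reported headers pass only when the request is sent without credentials.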

@tony-clarke-amdocs
Contributor

Can you provide a complete, minimal, verifiable sample that reproduces the problem? It should be available as a GitHub (or similar) project or attached to this issue as a zip file.

@kxying-kk
Author

I changed my configuration. Now it is working. allowedOrigins does not like "". I removed the "".

Here is my working configuration. I am using Spring Boot version: 2.3.1.RELEASE, Hoxton.SR5, 3.1.2.RELEASE Spring Cloud service.

```yaml
spring:
  cloud:
    gateway:
      globalcors:
        corsConfigurations:
          '[/**]':
            allowedOrigins:
              - https://eap.apps.uat.cf.az.cihs.gov.on.ca
              - https://2wm.apps.uat.cf.az.cihs.gov.on.ca
              - http://2wm.apps.uat.cf.az.cihs.gov.on.ca
              - https://sada.apps.uat.cf.az.cihs.gov.on.ca
              - http://messaging.gov.on.ca
              - http://localhost:4200
              - http://localhost:8080
            allowedHeaders:
              - x-bil-req-timestamp
              - x-bil-source-system
              - x-bil-target-system
            allow-credentials: true
            allowedMethods:
              - GET
              - POST
              - DELETE
              - PUT
              - OPTIONS
```

Thanks
Kelly

@OlgaMaciaszek
Contributor

Please learn how to properly format code and logs.

@OlgaMaciaszek
Contributor

Closing since the issue has been resolved.
