CORS issue with spring cloud gateway #1922
Comments
Can you provide a complete, minimal, verifiable sample that reproduces the problem? It should be available as a GitHub (or similar) project or attached to this issue as a zip file.
I changed my configuration. Now it is working. allowedOrigins does not like "". I removed the "". Here is my working configuration. I am using Spring Boot version: 2.3.1.RELEASE, Hoxton.SR5, 3.1.2.RELEASE spring cloud service. spring:
Please learn how to properly format code and logs.
Closing since the issue has been resolved.
This is my configuration in Spring Cloud Gateway, but it does not seem to work:
```yaml
spring:
  cloud:
    gateway:
      globalcors:
        add-to-simple-url-handler-mapping: true
        corsConfigurations:
          '[/**]':
            allowedOrigins: "https://eap.apps.uat.cf.az.cihs.gov.on.ca"
            allowedHeaders: "*"
            allow-credentials: true
```
This is the message that I got from inspect:
Access to XMLHttpRequest at 'https://intra.ws.dev.bil.css.gov.on.ca/api/common/security/sams/userprofile' from origin 'https://eap.apps.uat.cf.az.cihs.gov.on.ca' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
These are the response headers from inspect. Not sure where "Access-Control-Allow-Origin: *" came from.
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-TOKEN
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3600
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 46
Content-Type: application/json
Date: Sat, 29 Aug 2020 00:25:27 GMT
Expires: 0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vcap-Request-Id: d95e0aba-8645-43a0-67a0-54d405a7d6fa
X-Xss-Protection: 1; mode=block
Thanks
Kelly
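
The browser-side check behind the error message above, as an added example (not part of the original thread and not Spring Cloud Gateway code). It follows the "CORS check" steps of the Fetch standard and runs them over the CORS-relevant response headers posted in the issue; the function names are illustrative.

```javascript
// Added example, not code from the issue or from Spring Cloud Gateway.
// CORS-relevant lines copied from the response headers posted in the issue.
const RESPONSE_HEADERS = [
  "Access-Control-Allow-Credentials: true",
  "Access-Control-Allow-Origin: *",
  "Vary: Origin",
  "Vary: Origin",
].join("\r\n");
const PAGE_ORIGIN = "https://eap.apps.uat.cf.az.cihs.gov.on.ca";

// Parse raw header lines into Map<lower-cased name, string[]>, keeping repeats.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // skip blank or malformed lines
    const name = line.slice(0, idx).trim().toLowerCase();
    headers.set(name, [...(headers.get(name) || []), line.slice(idx + 1).trim()]);
  }
  return headers;
}

// Fetch combines repeated headers with ", " before comparing them.
function getCombined(headers, name) {
  const values = headers.get(name);
  return values ? values.join(", ") : null;
}

// The Fetch "CORS check" steps, returning { allowed, reason }.
// credentialsMode is "include" for XMLHttpRequest with withCredentials = true.
function corsCheck(raw, requestOrigin, credentialsMode) {
  const headers = parseHeaders(raw);
  const allowOrigin = getCombined(headers, "access-control-allow-origin");
  if (allowOrigin === null) {
    return { allowed: false, reason: "Access-Control-Allow-Origin is missing" };
  }
  if (credentialsMode !== "include" && allowOrigin === "*") {
    return { allowed: true, reason: "wildcard accepted without credentials" };
  }
  if (allowOrigin !== requestOrigin) {
    const why = allowOrigin === "*" ? "wildcard not accepted with credentials" : "origin mismatch";
    return { allowed: false, reason: why };
  }
  if (credentialsMode !== "include") return { allowed: true, reason: "origin matches" };
  // Byte-for-byte comparison: "True" or "TRUE" fails.
  const ok = getCombined(headers, "access-control-allow-credentials") === "true";
  return { allowed: ok, reason: ok ? "origin matches, credentials allowed" : "Access-Control-Allow-Credentials is not 'true'" };
}
```

Because repeated headers are combined before the comparison, a response that carries two `Access-Control-Allow-Origin` headers also fails the check, even when one of them names the right origin.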