Skip to content

@CrossOrigin on rest repositories does not work with configured base path [DATAREST-1019] #1381

Closed
@spring-projects-issues

Description

@spring-projects-issues

Patrik Mihalcin opened DATAREST-1019 and commented

I'm using Spring Boot 1.5.2.RELEASE and dependencies spring-boot-starter-data-rest and spring-boot-starter-data-jpa. This transitively pulls in spring-data-rest-core 2.6.1.RELEASE which is supposed to have CORS support based on the reference documentation and DATAREST-573.

My web application works fine and I expose REST api using app property spring.data.rest.base-path=/api. When I annotate my repo with @CrossOrigin annotation, e.g.

@CrossOrigin
public interface GroupRepository extends PagingAndSortingRepository<Group, Long>, QueryDslPredicateExecutor<Group> {
    List<Group> findByName(@Param("name") String name);
}

Spin up the application and invoke the following curl command:

curl -v -H "Accept: application/hal+json" -H "Origin: http://localhost:1234" http://localhost:8080/api/groups

The server side doesn't return CORS headers: Access-Control-Allow-Credentials, Access-Control-Allow-Origin


Affects: 3.0 M1 (Kay), 2.6.1 (Ingalls SR1)

Referenced from: pull request #259

Backported to: 2.6.2 (Ingalls SR2)

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions