How to solve error “Response to preflight request doesn't pass access control check”


I have a Spring Boot application with Spring Security running on localhost:8080 and a React application running on localhost:5173. I try to perform a request to the backend and I receive this error:

Access to fetch at ‘http://localhost:8080/users’ from origin ‘http://localhost:5173’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

I tried everything.

  1. I enabled CORS extension on Opera (the browser that I use).
  2. I added this code to the WebSecurityConfig.
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowedHeaders(List.of("Authorization", "Cache-Control", "Content-Type"));
        corsConfiguration.setAllowedOrigins(List.of("*"));
        corsConfiguration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PUT","OPTIONS","PATCH", "DELETE"));
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.setExposedHeaders(List.of("Authorization"));

        return http
                .csrf(AbstractHttpConfigurer::disable)
                .cors(Customizer.withDefaults())
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/auth/**").permitAll()
                        .anyRequest().authenticated()
                )
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
                .build();
    }
  3. I added @CrossOrigin annotation to all Controllers in the Spring app.

  4. I added this @Bean to WebSecurityConfig.

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.addAllowedOrigin("http://localhost:5173");
        configuration.addAllowedMethod("GET");
        configuration.addAllowedMethod("POST");
        configuration.addAllowedMethod("PUT");
        configuration.addAllowedMethod("DELETE");
        configuration.addAllowedMethod("OPTIONS");
        configuration.addAllowedHeader("*");
        configuration.setAllowCredentials(true);
        configuration.setMaxAge(3600L);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

I am desperate. Why don’t any of these solutions actually fix the problem and what else can I try?
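
An added example, not part of the original question or any answer: a small Node.js function that applies the checks a browser runs on a preflight (OPTIONS) response, so that headers captured from the backend can be tested for the exact step that fails. The sample request and responses are constructed; the header names sent by the client and the use of credentials are assumptions.

```javascript
// Added example: checks a browser applies to a CORS preflight response,
// simplified from the Fetch standard (single header values, no preflight cache).
const SAFELISTED_METHODS = ["GET", "HEAD", "POST"];
const parseList = (v) => (v ? v.split(",").map((s) => s.trim()).filter(Boolean) : []);
const result = (ok, reason) => ({ ok, reason });
// request:  { origin, method, headers: [non-safelisted header names], credentials }
// response: { status, headers } of the reply to the OPTIONS request
function checkPreflight(request, response) {
  const h = {};
  for (const [k, v] of Object.entries(response.headers)) h[k.toLowerCase()] = v;
  // 1. Origin check: the step behind the error message quoted in the question.
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) return result(false, "missing Access-Control-Allow-Origin");
  if (allowOrigin === "*") {
    if (request.credentials) return result(false, "wildcard origin with credentials");
  } else if (allowOrigin !== request.origin) {
    return result(false, "origin mismatch");
  } else if (request.credentials && h["access-control-allow-credentials"] !== "true") {
    return result(false, "missing Access-Control-Allow-Credentials: true");
  }
  // 2. The preflight response itself must have a 2xx status.
  if (response.status < 200 || response.status > 299) return result(false, "status not 2xx");
  // 3. Method and header checks; "*" is only a wildcard on non-credentialed requests.
  const wildcardOk = !request.credentials;
  const methods = parseList(h["access-control-allow-methods"]);
  if (!methods.includes(request.method) && !SAFELISTED_METHODS.includes(request.method) &&
      !(wildcardOk && methods.includes("*"))) {
    return result(false, `method ${request.method} not allowed`);
  }
  const allowed = parseList(h["access-control-allow-headers"]).map((s) => s.toLowerCase());
  for (const name of request.headers.map((s) => s.toLowerCase())) {
    if (allowed.includes(name)) continue;
    // "*" never covers Authorization, even without credentials.
    if (name === "authorization" || !wildcardOk || !allowed.includes("*")) {
      return result(false, `header ${name} not allowed`);
    }
  }
  return result(true, "preflight passed");
}

// Constructed samples; header names and the credentials flag are assumptions.
const sampleRequest = { origin: "http://localhost:5173", method: "PUT",
                        headers: ["Authorization", "Content-Type"], credentials: true };
const noCorsHeaders = { status: 403, headers: {} };
const configured = { status: 200, headers: {
  "Access-Control-Allow-Origin": "http://localhost:5173", "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Methods": "GET,POST,PUT,DELETE,OPTIONS",
  "Access-Control-Allow-Headers": "Authorization, Content-Type" } };
console.log(checkPreflight(sampleRequest, noCorsHeaders), checkPreflight(sampleRequest, configured));
```

To use it against a real backend, copy the status and response headers of the OPTIONS request from the browser's network tab into the `response` argument.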


