Hi there, I am quite new to this and have been trying to make this work for a while before posting this question.
The layout of my app is as follows:
My SpringBoot app requires basic auth in order to access the resources, with the exception of /login where basic auth is not necessary. This and cors config below:
```java
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests()
        .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
        .requestMatchers("/login").permitAll()
        .anyRequest().authenticated()
        .and()
        .httpBasic();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.cors().and().csrf().disable();
    return http.build();
}

@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurer() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**")
                .allowedMethods(allowedMethod).allowedOrigins(allowedOrigins)
                .allowedHeaders("*");
        }
    };
}
```
My nginx configs here:
```nginx
server {
    root /var/www/MYDOMAIN/html;
    index index.html index.htm index.nginx-debian.html;
    server_name MYDOMAIN www.MYDOMAIN;

    location / {
        if ($request_method = OPTIONS) {
            return 204;
        }
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/MYDOMAIN/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/MYDOMAIN/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.MYDOMAIN) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = MYDOMAIN) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name MYDOMAIN www.MYDOMAIN;
    return 404; # managed by Certbot
}
```
My docker-compose simply starts the image, binds 8080, and sets some configs to allow the SpringBoot app to connect to the local MySQL.
Up to this point, everything is set as I would expect and I can access my SpringBoot app via the domain provided, log in and access the entry points. I can even run my frontend locally, make axios requests to the deployed app, and everything works as expected. However, the deployed frontend keeps getting CORS errors when trying to make requests to the hosted SpringBoot app:
```
No 'Access-Control-Allow-Origin' header is present on the requested resource.
```
I presume I need to configure my nginx better. I even tried to add the following to my nginx config:
```nginx
add_header Access-Control-Allow-Origin * always;
```
which makes the CORS error go away but introduces another when querying my SpringBoot app.
Would you see anything I am doing wrong given the info provided?
The line
```java
http.cors().and().csrf().disable();
```
disables all Spring CORS logic, which means it’s only handled by the webserver. Presumably, the second @Bean is not even being executed in your example. So by default all proxy requests will cause CORS errors. You could
Access-Control-Allow-Origin
header in your proxy configuration
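
One way to set the header in the proxy configuration without the `*` wildcard tried in the question, as an added example (not from the original post or answer): nginx echoes `Access-Control-Allow-Origin` only for an allow-listed origin and answers the preflight itself. `https://frontend.example` is a placeholder for the deployed frontend's origin, and the allowed methods and headers are assumptions.

```nginx
# Constructed example. https://frontend.example is a placeholder origin;
# MYDOMAIN is the placeholder used in the question.
# The map block belongs in the http{} context, outside any server{}.
map $http_origin $cors_origin {
    default                     "";            # unknown origin: no CORS header
    "https://frontend.example"  $http_origin;  # allow-listed origin is echoed
}

server {
    server_name MYDOMAIN www.MYDOMAIN;
    listen 443 ssl;
    # ... certificate directives as in the question ...

    location / {
        # Hide any Access-Control-Allow-Origin set by the upstream app so the
        # browser never receives two values (it rejects duplicates).
        proxy_hide_header Access-Control-Allow-Origin;

        # add_header emits nothing when the value is an empty string.
        add_header Access-Control-Allow-Origin $cors_origin always;
        add_header Vary Origin always;

        if ($request_method = OPTIONS) {
            # add_header is not inherited into a block that sets its own,
            # so the preflight response repeats the origin headers.
            add_header Access-Control-Allow-Origin $cors_origin always;
            add_header Vary Origin always;
            # Assumed methods; match what the API exposes.
            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
            # Authorization must be named: "*" here does not cover it.
            add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;
            add_header Access-Control-Max-Age 600 always;
            return 204;
        }

        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Validate with `nginx -t` before reloading, and confirm in the browser's network tab that each response carries exactly one `Access-Control-Allow-Origin` value.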