I have some REST endpoints in my project which I call from a client application on another server. I have successfully disabled CORS using the @CrossOrigin annotation, and all the methods work fine except the Delete method, which throws the following error on Chrome:
XMLHttpRequest cannot load http://localhost:8856/robotpart/1291542214/compatibilities. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8888' is therefore not allowed access. The response had HTTP status code 403.
Here is my controller:
@CrossOrigin(origins = "*")
@ExposesResourceFor(RobotPart.class)
public class RobotPartController {
    // All endpoints are working except the Delete Mapping
    @GetMapping("/robotpart")
    public ResponseEntity<List<RobotPartResource>> listAllParts() {
        //..
    }

    @GetMapping("/robotpart/{id}")
    public ResponseEntity<RobotPartResource> getById(@PathVariable Integer id) {
        //..
    }

    @GetMapping("/robotpart/{id}/compatibilities")
    public ResponseEntity<Collection<RobotPartResource>> getRobotCompatibilities(@PathVariable Integer id,
        //..
    }

    @PostMapping("/robotpart")
    public ResponseEntity<RobotPartResource> getById(@RequestBody @Valid RobotPart newRobot) {
        //..
    }

    @PutMapping("/robotpart/{id}")
    public ResponseEntity<RobotPartResource> modify(@PathVariable Integer id, @Valid @RequestBody RobotPart newRobot) {
        //...
    }

    @DeleteMapping("/robotpart/{id}")
    public ResponseEntity<RobotPart> deleteById(@PathVariable Integer id) {
        //...
    }
}
Any way around it?
To delete a CORS policy (console): On the Containers page, choose the name of the container that you want to delete the CORS policy for. The container details page appears. In the Container CORS policy section, choose Delete CORS policy. Choose Continue to confirm, and then choose Save.
This @CrossOrigin annotation enables cross-origin resource sharing only for this specific method. By default, it allows all origins, all headers, and the HTTP methods specified in the @RequestMapping annotation. Also, a maxAge of 30 minutes is used.
Global CORS Configuration
As an alternative to the fine-grained annotation-based configuration, Spring lets us define a global CORS configuration out of our controllers. This is similar to using a Filter-based solution but can be declared within Spring MVC and combined with a fine-grained @CrossOrigin configuration.
I found a solution: after analyzing the HTTP requests, I noticed that the Access-Control-Allow-Methods header was missing the DELETE method, so I added it by deleting the @CrossOrigin annotation and adding this bean to the configuration:
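@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurerAdapter() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            // Global CORS mapping for /robotpart/**: DELETE is listed explicitly
            // so that the preflight response includes it in Access-Control-Allow-Methods.
            registry.addMapping("/robotpart/**").allowedOrigins("*").allowedMethods("GET", "POST", "PUT", "DELETE");
        }
    };
}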
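The check the browser applies to the preflight response, as an added example that is not part of the original question or answer: a simplified JavaScript model of the Fetch standard's preflight rules for requests sent without credentials (request header checks are left out). The function name checkPreflight and the three sample responses are constructed for illustration; the origin is the one from the quoted error message.

```javascript
// Simplified model of the browser's CORS-preflight check (Fetch standard),
// for requests sent without credentials. Request-header checks are omitted.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// Split a comma-separated header value into trimmed, non-empty tokens.
function tokens(value) {
  return (value || "").split(",").map((t) => t.trim()).filter(Boolean);
}

// request:  { origin, method }
// response: { status, headers } with lower-case header names
// Returns { allowed: boolean, reason: string }.
function checkPreflight(request, response) {
  // 1. Origin check: the header must be present and be "*" or the exact origin.
  const allowOrigin = response.headers["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (allowOrigin !== "*" && allowOrigin !== request.origin) {
    return { allowed: false, reason: `origin ${request.origin} not allowed` };
  }
  // 2. The preflight response itself must have a 2xx status.
  if (response.status < 200 || response.status > 299) {
    return { allowed: false, reason: `preflight status ${response.status} is not 2xx` };
  }
  // 3. Method check: GET, HEAD and POST never need to be listed; anything
  //    else must appear in Access-Control-Allow-Methods (or "*").
  const methods = tokens(response.headers["access-control-allow-methods"]);
  const m = request.method;
  if (!SAFELISTED_METHODS.has(m) && !methods.includes(m) && !methods.includes("*")) {
    return { allowed: false, reason: `method ${m} not in Access-Control-Allow-Methods` };
  }
  return { allowed: true, reason: "preflight passed" };
}

// Constructed sample data modelled on the error quoted in the question.
const deleteRequest = { origin: "http://127.0.0.1:8888", method: "DELETE" };
const rejected = { status: 403, headers: {} }; // 403 with no CORS headers
const missingDelete = { status: 200, headers: {
  "access-control-allow-origin": "*",
  "access-control-allow-methods": "GET,HEAD,POST" } };
const fixed = { status: 200, headers: {
  "access-control-allow-origin": "*",
  "access-control-allow-methods": "GET,POST,PUT,DELETE" } };

for (const [name, res] of Object.entries({ rejected, missingDelete, fixed })) {
  console.log(name, checkPreflight(deleteRequest, res));
}
```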