Menu
I've looked at other questions on the site similar to this and despite doing those resolutions, my issue remains the same.
Side note, I also tried setHeader(clientOrigin)
I am using Spring Boot v1.2.7.RELEASE and The Spring Console is what is telling me that Origin Header Value not allowed. My client returns with a 403 forbidden.
package app.config;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
@Component
public class CorsFilter implements Filter {
private final Logger log = LoggerFactory.getLogger(CorsFilter.class);
public CorsFilter() {
log.info("SimpleCORSFilter init");
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String clientOrigin = request.getHeader("origin");
response.addHeader("Access-Control-Allow-Origin", clientOrigin);
response.setHeader("Access-Control-Allow-Methods", "POST, GET, DELETE, PUT");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Accept, Content-Type, Origin, Authorization, X-Auth-Token");
response.addHeader("Access-Control-Expose-Headers", "X-Auth-Token");
if (request.getMethod().equals("OPTIONS")) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(request, response);
}
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:JSESSIONID=BDD1655C91FD8DD73A8A0B021BFFC0E7
Host:192.168.1.66:8080
Origin:http://192.168.1.66:8105
Referer:http://192.168.1.66:8105/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Accept, Content-Type, Origin, Authorization, X-Auth-Token
Access-Control-Allow-Methods:POST, GET, DELETE, PUT
Access-Control-Allow-Origin:http://192.168.1.66:8105
Access-Control-Expose-Headers:X-Auth-Token
Access-Control-Max-Age:3600
Cache-Control:no-store, no-cache, must-revalidate, max-age=0
Content-Length:0
Date:Sat, 28 Nov 2015 23:49:56 GMT
Server:Apache-Coyote/1.1
The call I am trying to make is a SocketJS call and its a get call. The following script is being called.
var socket = new SockJS($scope.siteUrl+'/connect?TOKEN='+$localstorage.get('X-AUTH-TOKEN-TRIVIA'));
$scope.stompClient = Stomp.over(socket);
$scope.stompClient.connect({"Authorization":"TOKEN" }, function(frame) {
console.log('Connected: ' + frame);
stompClient.subscribe($scope.siteUrl+'/socketupdate', function(greeting){
$scope.activegame = JSON.parse(greeting.body).content;
});
});
As you can see, I am passing the token as a query string because for some strange reason SocketJS does not allow me to pass the X-AUTH-TOKEN via header.
My client server is however on a different port. I am building an app utilizing ionic which is a angular based framework.
I notice that the error comes from my WebSocketService
2015-11-29 03:22:32.417 WARN 33932 --- [nio-8080-exec-1] o.s.w.s.s.t.h.DefaultSockJsService : Origin header value 'http://192.168.1.66:8105' not allowed.
would this mean I have to set something in the WebSocketConfig that will accept this ??
674
In that case you can change the security policy in your Google Chrome browser to allow Access-Control-Allow-Origin. This is very simple: Create a Chrome browser shortcut. Right click short cut icon -> Properties -> Shortcut -> Target.
The CORS request requires that the server permit the use of credentials, but the server's Access-Control-Allow-Credentials header's value isn't set to true to enable their use. To fix this problem on the client side, revise the code to not request the use of credentials.
in your WebsocketConfig.java
@Override
public void registerStompEndpoints(StompEndpointRegistry stompEndpointRegistry) {
stompEndpointRegistry.addEndpoint("/ws").setAllowedOrigins("*").withSockJS();
}
notice:
.setAllowedOrigins("*")
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
