Spring Cloud Gateway Cors issue

Question

I'm having issues setting up CORS configuration in a spring cloud gateway app. I've set the following config to allow everything from everything:

spring:
  cloud:
    gateway:
      globalcors:
        corsConfigurations:
          '[/**]':
            allowedOrigins: "*"
            allowedMethods: "*"
            allowedHeaders: "authorization"

Yet, when I'm calling an endpoint to the gateway I'm getting:

OPTIONS http://localhost:8080/api/spot/spots 403 (Forbidden)
localhost/:1 Access to XMLHttpRequest at 'http://localhost:8080/api/spot/spots' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

When I call one of the services by-passing the gateway via the UI, the requests are going through fine. However, I don't see any options requests being made.

And as soon as I point the UI to the gateway host, the error occurs.

Also in the Network tab, the request shows up as "failed", no other information. Nothing in any of the application logs either. These are the response headers:

HTTP/1.1 200 OK
transfer-encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Date: Tue, 10 Mar 2020 21:24:11 GMT

When restarting the Item service (responsible for this endpoint), I'm getting a 500:

timestamp: "2020-03-10T21:28:33.568+0000"
path: "/api/spot/spots"
status: 500
error: "Internal Server Error"
message: "Connection refused: localhost/127.0.0.1:49508"
requestId: "68570bc1"

Which points to the old random port, meaning the gateway can connect to it somehow.

Any ideas what I'm missing?

Thanks.

• The app is open-source and available here.
• The SpotController can be found here.
• The spring-security configuration for that endpoint can be found here.
• The gateway config can be found here.

Here are the logs of the api gateway app, when set on debug (full logs here):

2020-03-10 22:24:10.744 DEBUG 57262 --- [ionManagerTimer] h.i.c.PoolingHttpClientConnectionManager : Closing expired connections
2020-03-10 22:24:10.812 DEBUG 57262 --- [er-item-service] c.netflix.loadbalancer.BaseLoadBalancer  : LoadBalancer:  PingTask executing [1] servers configured
2020-03-10 22:24:11.464 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Increasing pending responses, now 1
2020-03-10 22:24:11.464 DEBUG 57262 --- [ctor-http-nio-2] reactor.netty.http.server.HttpServer     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Handler is being applied: org.springframework.http.server.reactive.ReactorHttpHandlerAdapter@528c0cbe
2020-03-10 22:24:11.464 DEBUG 57262 --- [ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter    : [d4a47354] HTTP OPTIONS "/api/spot/spots"
2020-03-10 22:24:11.466 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping   : Route matched: item-service
2020-03-10 22:24:11.466 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping   : Mapping [Exchange: OPTIONS http://localhost:8080/api/spot/spots] to Route{id='item-service', uri=lb://item-service, order=0, predicate=Paths: [/api/spot/**], match trailing slash: true, gatewayFilters=[], metadata={}}
2020-03-10 22:24:11.466 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping   : [d4a47354] Mapped to org.springframework.cloud.gateway.handler.FilteringWebHandler@14780192
2020-03-10 22:24:11.467 DEBUG 57262 --- [ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter    : [d4a47354] Completed 200 OK
2020-03-10 22:24:11.468 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Last HTTP response frame
2020-03-10 22:24:11.468 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] No sendHeaders() called before complete, sending zero-length header
2020-03-10 22:24:11.468 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Decreasing pending responses, now 0
2020-03-10 22:24:11.468 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Last HTTP packet was sent, terminating the channel
2020-03-10 22:24:11.468 DEBUG 57262 --- [ctor-http-nio-2] r.n.channel.ChannelOperationsHandler     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] No ChannelOperation attached. Dropping: EmptyLastHttpContent
2020-03-10 22:24:11.486 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Increasing pending responses, now 1
2020-03-10 22:24:11.486 DEBUG 57262 --- [ctor-http-nio-2] reactor.netty.http.server.HttpServer     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Handler is being applied: org.springframework.http.server.reactive.ReactorHttpHandlerAdapter@528c0cbe
2020-03-10 22:24:11.486 DEBUG 57262 --- [ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter    : [d4a47354] HTTP GET "/api/spot/spots"
2020-03-10 22:24:11.488 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping   : Route matched: item-service
2020-03-10 22:24:11.488 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping   : Mapping [Exchange: GET http://localhost:8080/api/spot/spots] to Route{id='item-service', uri=lb://item-service, order=0, predicate=Paths: [/api/spot/**], match trailing slash: true, gatewayFilters=[], metadata={}}
2020-03-10 22:24:11.488 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping   : [d4a47354] Mapped to org.springframework.cloud.gateway.handler.FilteringWebHandler@14780192
2020-03-10 22:24:11.488 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.handler.FilteringWebHandler      : Sorted gatewayFilterFactories: [[GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.RemoveCachedBodyFilter@22bf9122}, order = -2147483648], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.AdaptCachedBodyGlobalFilter@69aa7d76}, order = -2147482648], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyWriteResponseFilter@3d88e6b9}, order = -1], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.ForwardPathFilter@9687f55}, order = 0], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.GatewayMetricsFilter@671d03bb}, order = 0], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.RouteToRequestUrlFilter@208205ed}, order = 10000], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.LoadBalancerClientFilter@36068727}, order = 10100], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.WebsocketRoutingFilter@5700c9db}, order = 2147483646], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyRoutingFilter@72543547}, order = 2147483647], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.ForwardRoutingFilter@73afe2b7}, order = 2147483647]]
2020-03-10 22:24:11.489 DEBUG 57262 --- [ctor-http-nio-2] c.n.loadbalancer.ZoneAwareLoadBalancer   : Zone aware logic disabled or there is only one zone
2020-03-10 22:24:11.490 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider   : [id: 0x687fa33b] Created new pooled channel, now 1 active connections and 0 inactive connections
2020-03-10 22:24:11.491 DEBUG 57262 --- [ctor-http-nio-2] reactor.netty.channel.BootstrapHandlers  : [id: 0x687fa33b] Initialized pipeline DefaultChannelPipeline{(BootstrapHandlers$BootstrapInitializerHandler#0 = reactor.netty.channel.BootstrapHandlers$BootstrapInitializerHandler), (reactor.left.httpCodec = io.netty.handler.codec.http.HttpClientCodec), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
2020-03-10 22:24:11.496 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider   : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Channel connected, now 1 active connections and 0 inactive connections
2020-03-10 22:24:11.496 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider   : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] onStateChange(PooledConnection{channel=[id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508]}, [connected])
2020-03-10 22:24:11.496 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider   : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] onStateChange(GET{uri=/, connection=PooledConnection{channel=[id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508]}}, [configured])
2020-03-10 22:24:11.496 DEBUG 57262 --- [ctor-http-nio-2] r.netty.http.client.HttpClientConnect    : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Handler is being applied: {uri=http://localhost:49508/api/spot/spots, method=GET}
2020-03-10 22:24:11.497 DEBUG 57262 --- [ctor-http-nio-2] reactor.netty.channel.FluxReceive        : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Subscribing inbound receiver [pending: 0, cancelled:false, inboundDone: true]
2020-03-10 22:24:11.497 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider   : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] onStateChange(GET{uri=/api/spot/spots, connection=PooledConnection{channel=[id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508]}}, [request_sent])
2020-03-10 22:24:11.579 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.client.HttpClientOperations     : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Received response (auto-read:false) : [Vary=Origin, Vary=Access-Control-Request-Method, Vary=Access-Control-Request-Headers, Access-Control-Allow-Origin=*, X-Content-Type-Options=nosniff, X-XSS-Protection=1; mode=block, Cache-Control=no-cache, no-store, max-age=0, must-revalidate, Pragma=no-cache, Expires=0, X-Frame-Options=DENY, Content-Type=application/json, Transfer-Encoding=chunked, Date=Tue, 10 Mar 2020 21:24:11 GMT]
2020-03-10 22:24:11.579 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider   : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] onStateChange(GET{uri=/api/spot/spots, connection=PooledConnection{channel=[id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508]}}, [response_received])
2020-03-10 22:24:11.580 DEBUG 57262 --- [ctor-http-nio-2] reactor.netty.channel.FluxReceive        : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Subscribing inbound receiver [pending: 0, cancelled:false, inboundDone: false]
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.client.HttpClientOperations     : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Received last HTTP packet
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter    : [d4a47354] Completed 200 OK
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Last HTTP response frame
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Decreasing pending responses, now 0
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations     : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Last HTTP packet was sent, terminating the channel
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider   : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] onStateChange(GET{uri=/api/spot/spots, connection=PooledConnection{channel=[id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508]}}, [disconnecting])
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider   : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Releasing channel
2020-03-10 22:24:11.582 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider   : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Channel cleaned, now 0 active connections and 1 inactive connections
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.n.l.DynamicServerListLoadBalancer      : List of Servers for item-service obtained from Discovery client: [localhost:49508]
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.n.l.ZoneAffinityServerListFilter       : Determining if zone affinity should be enabled with given server list: [localhost:49508]
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.n.l.ZoneAffinityServerListFilter       : zoneAffinity is overriden. blackOutServerPercentage: 0.0, activeReqeustsPerServer: 0.0, availableServers: 1
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.n.l.DynamicServerListLoadBalancer      : Filtered List of Servers for item-service obtained from Discovery client: [localhost:49508]
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer  : LoadBalancer [item-service]: clearing server list (SET op)
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer  : LoadBalancer [item-service]:  addServer [localhost:49508]
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.n.l.DynamicServerListLoadBalancer      : Setting server list for zones: {defaultzone=[localhost:49508]}
2020-03-10 22:24:11.832 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer  : LoadBalancer [item-service_defaultzone]: clearing server list (SET op)
2020-03-10 22:24:11.832 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer  : LoadBalancer [item-service_defaultzone]:  addServer [localhost:49508]
2020-03-10 22:24:11.832 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer  : LoadBalancer [item-service]:  forceQuickPing invoking
2020-03-10 22:24:11.832 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer  : LoadBalancer:  PingTask executing [1] servers configured

Answer 1

Did you tried to change the allowedHeaders: "authorization" to allowedHeaders: "*". I had the same issue and was fixed just changing the allowHeaders to the wildcard since I was receiving from the client as header x-requested-with, authorization.