Menu
Recently I tried the new built-in CORS-Support in Spring 4. This feature is great and I want to implement this in my Spring Boot / AngularJS application.
All request works fine but I can't logout my user because the
OPTIONS-Request to/logoutis handled by Spring Security.
Is it possible to handle the OPTIONS-Request before Spring Security or should I attach CORS-Headers in LogoutSuccessHandler?
308
When working with Spring Security, it is recommended to use CorsFilter. You will want to ensure that you order the CorsFilter before Spring Security's FilterChainProxy.
You can refer to Spring Data Rest and Cors for details on using CorsFilter. For this issue, the difference is likely that you want to register only for the logout URL. For example:
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true); // you USUALLY want this
// likely you should limit this to specific origins
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("GET");
config.addAllowedMethod("POST");
config.addAllowedMethod("PUT");
source.registerCorsConfiguration("/logout", config);
return new CorsFilter(source);
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
