9

I am using JHipster to generate an API.

My API is at, let's call it:

https://api.staging.test.com/

and my FE app is at:

https://staging.test.com/

Here is my config to enable CORS in application-prod.yml:

```yaml
cors:
     allowed-origins: "https://staging.test.com/"
     allowed-methods: "*"
     allowed-headers: GET, PUT, POST, DELETE, OPTIONS
     exposed-headers: "Authorization,Link,X-Total-Count"
     allow-credentials: true
     max-age: 1800
```

I still get this error:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://staging.test.com' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Is there anything more that needs to be done in Spring Boot to enable CORS?

user3364181

3 Answers

11

The only config needed to enable CORS in JHipster's Prod mode is to set the jhipster.cors configuration like below. One thing to note is that if your frontend is using a port, that needs to be included in the allowed-origins key.

```yaml
jhipster:
    cors:
        allowed-origins: "https://staging.test.com:8080"
        allowed-methods: "*"
        allowed-headers: "*"
        exposed-headers: "Authorization,Link,X-Total-Count"
        allow-credentials: true
        max-age: 1800
```

This is loaded by JHipsterProperties and used in WebConfigurer.java to apply the CORS configuration.

Jon Ruddell
  • I did exactly that and I get: Failed to load https://api.staging.test.com/api/tournaments: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://staging.test.com' is therefore not allowed access. – user3364181 Aug 07 '18 at 20:43
  • Based on that error message, don't put a port and don't put the trailing `/`. The `allowed-origins` should match the request's `origin` header exactly – Jon Ruddell Aug 07 '18 at 21:07
  • 1
    Do you have a load balancer or proxy in front of your app that may also require CORS? – Jon Ruddell Aug 08 '18 at 18:25
  • Make sure that any additional paths you have added on your own are included in [WebConfigurer.java](https://github.com/jhipster/jhipster-sample-app/blob/master/src/main/java/io/github/jhipster/sample/config/WebConfigurer.java#L182-L193) (search for "source.registerCorsConfiguration"). – hirro Aug 06 '19 at 06:26
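
The exact-match rule from the comments above (no trailing `/`, no port the browser does not send), as an added example that is not part of any answer and is not JHipster or Spring code. It runs under Node.js; the function names are hypothetical and the inputs are the `allowed-origins` values quoted in this thread.

```javascript
// Added example, not JHipster or Spring code. Inputs are the allowed-origins
// values quoted in this thread; the function names are hypothetical.

// Serialize a page URL the way a browser serializes the Origin header:
// scheme://host[:port], lowercase, no path, default port (80/443) omitted.
function browserOrigin(pageUrl) {
  return new URL(pageUrl).origin;
}

// Reasons a configured entry cannot match an Origin header by exact string
// comparison. An empty array means no problem was found.
function lintAllowedOrigin(entry, allowCredentials) {
  if (entry === "*") {
    return allowCredentials
      ? ["wildcard with credentials: browsers refuse '*' on credentialed requests"]
      : [];
  }
  let url;
  try {
    url = new URL(entry);
  } catch (e) {
    return ["not an absolute URL"];
  }
  if (url.origin === "null") return ["no web origin; use scheme://host[:port]"];
  if (url.origin === entry) return [];
  if (entry === url.origin + "/") return ["trailing slash; use " + url.origin];
  return ["not in serialized-origin form; use " + url.origin];
}

// The exact-match comparison: is the frontend's Origin in the configured list?
function isAllowed(allowedOrigins, frontendUrl) {
  return allowedOrigins.includes(browserOrigin(frontendUrl));
}

// Lint every entry and report whether the frontend would be accepted.
function review(allowedOrigins, allowCredentials, frontendUrl) {
  const findings = {};
  for (const entry of allowedOrigins) {
    findings[entry] = lintAllowedOrigin(entry, allowCredentials);
  }
  return { origin: browserOrigin(frontendUrl), allowed: isAllowed(allowedOrigins, frontendUrl), findings };
}

// Constructed input: values from the question and the first answer.
const report = review(["https://staging.test.com/", "https://staging.test.com:8080"], true, "https://staging.test.com/");
console.log(JSON.stringify(report, null, 2));
```

Both configured values are reported as not allowing the frontend: the first carries a trailing slash, and the second is well-formed but names a port the browser never sends for this frontend.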
4

To enable CORS in PROD mode, comment out jhipster.cors in the base application.yml and customize as necessary.

```yaml
  cors:
    allowed-origins: 'https://staging.test.com'
    allowed-methods: '*'
    allowed-headers: '*'
    exposed-headers: 'Authorization,Link,X-Total-Count,X-${jhipster.clientApp.name}-alert,X-${jhipster.clientApp.name}-error,X-${jhipster.clientApp.name}-params'
    allow-credentials: true
    max-age: 1800
```

If you have configured any new root path, make sure it's registered for CORS in WebConfigurer.java:

```java
@Bean
public CorsFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = jHipsterProperties.getCors();
    if (!CollectionUtils.isEmpty(config.getAllowedOrigins())) {
        log.debug("Registering CORS filter");
        source.registerCorsConfiguration("/newrootpath/**", config); // add this
        source.registerCorsConfiguration("/api/**", config);
        source.registerCorsConfiguration("/management/**", config);
        source.registerCorsConfiguration("/v2/api-docs", config);
        source.registerCorsConfiguration("/v3/api-docs", config);
        source.registerCorsConfiguration("/swagger-resources", config);
        source.registerCorsConfiguration("/swagger-ui/**", config);
    }
    return new CorsFilter(source);
}
```

If the new root path is configured using another AuthenticationManager (a class that extends WebSecurityConfigurerAdapter), make sure to add the CorsFilter filter there too.

Emmanuel Osimosu
1

Faced the same issue. The easiest and safest way I found is to enable CORS only for the specific methods you need exposed in your controller. At the method which serves your API, add the `@CrossOrigin("*")` annotation. This works in production and there is no need to make any changes to application-prod.yml.

  • I found a good article that talks more about the annotation. https://www.javaguides.net/2019/09/spring-boot-cors-crossorigin-example.html – Ebsan Dec 23 '20 at 19:43