
I am getting the below issue while logging out from OpenID Connect.

"Access to XMLHttpRequest at '' (redirected from '') from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."

and the network call is showing a "cancelled" status.

Here is the code from SecurityConfig.java:

@Override
protected void configure(HttpSecurity http) throws Exception {
    LOG.info("in configure httpsecurity");
    http.csrf().disable().cors().and()
        .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(myFilter(), OAuth2ClientContextFilter.class)
        .httpBasic().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(openIdConfig.getEntrypoint()))
        .and()
        .authorizeRequests()
        .antMatchers(openIdConfig.getEntrypoint()).permitAll()
        .anyRequest().authenticated()
        .and().logout()//.clearAuthentication(true)
        .logoutUrl(openIdConfig.getLogoffURL()+openIdConfig.getRedirectUri()).permitAll()
        .invalidateHttpSession(true)
        .deleteCookies(OpenIDConstants.SESSION_TOKEN, OpenIDConstants.USERNAME,
            OpenIDConstants.JSESSIONID)
        .logoutSuccessHandler(logoutSuccessHandler())
        .logoutSuccessUrl(openIdConfig.getRedirectUri());
    LOG.info("in configure httpsecurity end");
    // @formatter:on
}
Anthony
Saritha

1 Answer


You probably did enable CORS at the security level, but not at the web level. To enable CORS at the web level, you can do it at the method level, at the class level or for the entire application.

Method level

@CrossOrigin(origins = "http://example.com")
@GetMapping(path="/")
public String homeInit(Model model) {
    return "home";
}

Class level

@CrossOrigin(origins = "*", allowedHeaders = "*")
@Controller
public class HomeController
{
    @GetMapping(path="/")
    public String homeInit(Model model) {
        return "home";
    }
}

Global

@Configuration
@EnableWebMvc
public class CorsConfiguration extends WebMvcConfigurerAdapter
{
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedMethods("GET", "POST");
    }
}

or, for a Spring Boot application, the recommended way:

@Configuration
public class CorsConfiguration
{
    @Bean
    public WebMvcConfigurer corsConfigurer()
    {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**");
            }
        };
    }
}
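
An added example, not part of the question or the answer above: when `http.cors()` is used as in the question's `SecurityConfig`, Spring Security picks up a bean named `corsConfigurationSource` if one is defined, so the policy can be declared once with an explicit origin allow-list instead of `origins = "*"`. The class name, the `/**` pattern, the allowed headers and the use of `http://localhost:8080` (the origin shown in the error message) are assumptions.

```java
import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class CorsPolicyConfig { // hypothetical class name

    // The bean name matters: http.cors() looks for "corsConfigurationSource"
    // when no CorsFilter bean named "corsFilter" is present.
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration policy = new CorsConfiguration();

        // Explicit allow-list of origins (assumed value, taken from the
        // origin in the question's error message). Avoid "*" here.
        policy.setAllowedOrigins(Arrays.asList("http://localhost:8080"));

        // Only the methods and request headers the client actually needs
        // (assumed values).
        policy.setAllowedMethods(Arrays.asList("GET", "POST"));
        policy.setAllowedHeaders(Arrays.asList("Content-Type", "Authorization"));

        // The application relies on a session cookie (JSESSIONID), so
        // credentialed requests must be allowed. Browsers reject a
        // credentialed response whose Access-Control-Allow-Origin is "*",
        // which is another reason to list origins explicitly.
        policy.setAllowCredentials(true);

        // Let the browser cache the preflight result for one hour.
        policy.setMaxAge(3600L);

        // Apply the policy to every path served by this application.
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", policy);
        return source;
    }
}
```

This policy only controls the headers on responses served by this application; a response from another host that the browser reaches by following a redirect carries whatever CORS headers that host sets.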