0

I want to a send POST request from my angular app to my server (written with spring-boot). The request gets denied with the message "cors header ‘access-control-allow-origin’ missing".

I enabled the origin of my angular app "http://localhost:4200" like I did for my other RestControllers (Which work). The only difference as far as I can tell is that I handel POST requests in my not working controller.

Controller

@RestController
@CrossOrigin(origins = "http://localhost:4200")
public class Controller {

    @Autowired
    private ReqRepository reqRepository;

    @PostMapping("/reqs")
    public Req saveReq (@Valid @RequestBody Req req) {
        return reqRepository.save(req);
    }
}

Repository

@Repository
public interface ReqRepository extends JpaRepository<Req, Long> {
}

Angular Service

@Injectable()
export class ReqService {

  private httpOptions = {
    headers: new HttpHeaders({
      'Access-Control-Allow-Origin': '*',
      'Content-Type': 'application/json'
    })
};

  constructor(private http: HttpClient) {}

  sendReq(req: Req): Observable<Req> {
    return this.http.post<Req>('http://localhost:8080/reqs', req, this.httpOptions);
  }
}

I thought allowing the origin would be enough so the request is possible but it get's blocked. It seems like I am missing something to enable POST requests.

Update

I further tested the controller and it works for GET requests. I just change the the method, so it seems like the problem lies in the POST request. Below ist the controller with a GET test endpoint instead of a POST endpoint

@RestController
@CrossOrigin(origins = "http://localhost:4200")
public class Controller {

    @Autowired
    private ReqRepository reqRepository;

    @GetMapping("/reqs")
    public Page<Req> testCall (Pageable pageable) {
        System.out.println("Geeting request");
        return reqRepository.findAll(pageable);
    }
}
GhostMST
  • 23
  • 1
  • 7
  • you allow localhost but send `*` ... –  May 24 '19 at 11:08
  • It can be solved by adding cors config [Check this link](https://stackoverflow.com/questions/56289162/403-error-for-cors-preflight-options-request-how-to-fix/56289441#56289441) – lm1010 May 24 '19 at 11:17
  • @trichetriche I changed the wildcard * to "http://localhost:4200" but it still doesnt work – GhostMST May 24 '19 at 11:20
  • @lm1010 shouldn't the CrossOrigin annotion work? I think all a config would do is to enable cors for the whole application, so I don't have to do it in every controller – GhostMST May 24 '19 at 11:23
  • @lm1010 creating a cors config like in the link you provides leads to a Http 403 error – GhostMST May 24 '19 at 11:32

2 Answers2

0

Glad that your request is working now. Please note 'Access-Control-Allow-Origin': '*' is a header sent from the server. Here you are trying to send the header from angular to server which will not work

Also please change @CrossOrigin(origins = "http://localhost:4200")

to @CrossOrigin(origins = "http://localhost:4200", methods="GET,POST,PUT,DELETE,ORIGIN") and see if it works

Hari Pillai
  • 661
  • 1
  • 9
  • 14
  • Hey, sadly the request is not working. Only a GET Request is working at the moment but I need a POST request. But everytime I do a POST request I get a cors error – GhostMST May 24 '19 at 13:12
  • @GhostMST, I have updated the answer, please give it a try and let me know. – Hari Pillai May 25 '19 at 03:24
  • I specified POST as an allowed Request methode but I still get the same error. `@CrossOrigin(origins = "http://localhost:4200", methods= RequestMethod.POST)` As far as I understand if I don't specify RequestMethods all methods are allowed by default. What's interesting is that if I use a global config like @lm1010 linked aboce I get no cors error but a 403 Access denied error. – GhostMST May 27 '19 at 07:41
0

The problem was my spring security configuration. I had to disable csrf because it is enabled by default. I got the solution from this post: How to Solve 403 Error in Spring Boot Post Request

My solution looks like this:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //Override basic security settings so no login page is needed to access the RestEndpoints
    @Override
    protected void configure(HttpSecurity security) throws Exception
    {
        security.httpBasic().disable();
        security.csrf().disable();
    }
}
GhostMST
  • 23
  • 1
  • 7