-1

I recently switched my app over from webmvc to webflux, and tried to configure this

@Configuration
@EnableWebFlux
public class WebConfig implements WebFluxConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("*");
    }

    @Bean
    CorsWebFilter corsWebFilter() {
        var corsConfig = new CorsConfiguration();
        corsConfig.setAllowedOrigins(List.of("*"));

        var source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", corsConfig);

        return new CorsWebFilter(source);
    }
}

and also tried adding @CrossOrigin to my controller.

But I'm still not getting the cross-origin response headers.

Anyone know the fix?

Tobiq
  • 2,489
  • 19
  • 38
  • cross origin is the one of the most answered questions on stack overflow when it comes to spring and spring security. When you asked you must have seen the 100s of questions, and stack overflow warned you from asking this question. You have posted a generic configuration of crossorigin which tells us absolutely nothing. If you want an answer you have to put some effort into your questions so that we can reproduce the behavior, the provided config does NOT reproduce the behavior. – Toerktumlare Nov 23 '21 at 08:52
  • Update your question with, your endpoint, what your request looks like, whats actually in your request, and the exact response with headers. All logs. Please put some effort into your question, voted to close, lack of debugging details. – Toerktumlare Nov 23 '21 at 08:52
  • @Toerktumlare no – Tobiq Nov 23 '21 at 13:06
  • Good luck, close vote stands, i recommend reading this https://stackoverflow.com/help/how-to-ask – Toerktumlare Nov 24 '21 at 09:03

1 Answers1

0

I have just the Kotlin project, but the similar syntax in Java. Basically, class, annotation and method calling same.

I use this for Stateless API interface.

@EnableWebFluxSecurity
class SecurityConfiguration {

    @Bean
    fun securityWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
        return http.securityContextRepository(NoOpServerSecurityContextRepository.getInstance())
            .csrf().disable()
            .cors().disable()
            .logout().disable()
            .formLogin().disable()
            .headers { it.cache().disable() }
            .build()
    }
}
Numichi
  • 926
  • 6
  • 14