“cors header ‘access-control-allow-origin’ missing” denies request, even though origin is allowed

0
votes

I want to a send POST request from my angular app to my server (written with spring-boot). The request gets denied with the message "cors header ‘access-control-allow-origin’ missing".

I enabled the origin of my angular app "http://localhost:4200" like I did for my other RestControllers (Which work). The only difference as far as I can tell is that I handel POST requests in my not working controller.

Controller

@RestController
@CrossOrigin(origins = "http://localhost:4200")
public class Controller {

    @Autowired
    private ReqRepository reqRepository;

    @PostMapping("/reqs")
    public Req saveReq (@Valid @RequestBody Req req) {
        return reqRepository.save(req);
    }
}

Repository

@Repository
public interface ReqRepository extends JpaRepository<Req, Long> {
}

Angular Service

@Injectable()
export class ReqService {

  private httpOptions = {
    headers: new HttpHeaders({
      'Access-Control-Allow-Origin': '*',
      'Content-Type': 'application/json'
    })
};

  constructor(private http: HttpClient) {}

  sendReq(req: Req): Observable<Req> {
    return this.http.post<Req>('http://localhost:8080/reqs', req, this.httpOptions);
  }
}

I thought allowing the origin would be enough so the request is possible but it get's blocked. It seems like I am missing something to enable POST requests.

Update

I further tested the controller and it works for GET requests. I just change the the method, so it seems like the problem lies in the POST request. Below ist the controller with a GET test endpoint instead of a POST endpoint

@RestController
@CrossOrigin(origins = "http://localhost:4200")
public class Controller {

    @Autowired
    private ReqRepository reqRepository;

    @GetMapping("/reqs")
    public Page<Req> testCall (Pageable pageable) {
        System.out.println("Geeting request");
        return reqRepository.findAll(pageable);
    }
}
2
angularspring-boot
you allow localhost but send * ... - user4676340
It can be solved by adding cors config Check this link - lm1010
@trichetriche I changed the wildcard * to "localhost:4200" but it still doesnt work - GhostMST
@lm1010 shouldn't the CrossOrigin annotion work? I think all a config would do is to enable cors for the whole application, so I don't have to do it in every controller - GhostMST
@lm1010 creating a cors config like in the link you provides leads to a Http 403 error - GhostMST

2 Answers

0
votes

Glad that your request is working now. Please note 'Access-Control-Allow-Origin': '*' is a header sent from the server. Here you are trying to send the header from angular to server which will not work

Also please change @CrossOrigin(origins = "http://localhost:4200")

to @CrossOrigin(origins = "http://localhost:4200", methods="GET,POST,PUT,DELETE,ORIGIN") and see if it works

0
votes

The problem was my spring security configuration. I had to disable csrf because it is enabled by default. I got the solution from this post: How to Solve 403 Error in Spring Boot Post Request

My solution looks like this:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //Override basic security settings so no login page is needed to access the RestEndpoints
    @Override
    protected void configure(HttpSecurity security) throws Exception
    {
        security.httpBasic().disable();
        security.csrf().disable();
    }
}