I know there already a lot of questions & answers about this topic, but none mention about this Error when using path variable.
I already put this config
@EnableWebSecurity
public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.cors().and()
.csrf().disable()
.authorizeRequests().antMatchers("/file/getFile/**")
.permitAll().anyRequest().authenticated()
.and()
.httpBasic();
}
}
and when I use the path variable the response always error 403 Forbidden.
ERROR
@RequestMapping(value = "/file")
@Service
public class FileService {
.....
@CrossOrigin(origins="http://localhost:8080", allowCredentials = "true")
@RequestMapping(value = "/getFile/{fileId}", method = RequestMethod.POST)
@ResponseBody
public String getFile(@PathVariable(value = "fileId") String fileId) {
....
}
}
But if I'm not using the path variable, it works.
SUCCESS
@RequestMapping(value = "/file")
@Service
public class FileService {
.....
@CrossOrigin(origins="http://localhost:8080", allowCredentials = "true")
@RequestMapping(value = "/getFile", method = RequestMethod.POST)
@ResponseBody
public String getFile(@RequestBody String jsonFileId) {
....
}
}
I'm calling this from javascript, below is the javascript request method. url example
http://localhost:8088/file/getFile/PUML1pZvusTlfBnlW3
fdjElEw8O7iVXfj801GyFF7fWeqyvPzwf1GB9lwha3T9GOoq2KEDaqf01l
3DMRYInV9yHAMfd5_W4vY0S7d0SS9qk
and the request method
$.ajax({
url:url,
type:"POST",
data:data,
dataType: 'json',
contentType: "application/json;",
crossDomain:true,
cache:false,
async:true,
success:success,
timeout:30000,
error:function(xhr, textStatus, errorThrown) {
console.log(xhr.responseText);
}
}
});
the javascript error :
Access to XMLHttpRequest at
'http://localhost:8088/file/getFile/PUML1pZvusTlf....
from origin 'http://localhost:8080' has been blocked by CORS
policy: Response to preflight request doesn't pass access control
check: No 'Access-Control-Allow-Origin' header is present on the
requested resource.
I know I can do without the path variable, but using the path variable is more efficient in my case. So is there any solution of this issue ? Thanks
CodePudding user response:
When you are using path variable there is no POST body and the browser is not sending application/json Content-Type header. You controller endpoint is not matched and the server does not respond with Access-Control-Allow-Origin header to a preflight request. Try sending some value in the POST body.