Error CORS Forbidden 403 Spring Boot With Spring Security when using Path Variable

Time:04-15

I know there are already a lot of questions and answers about this topic, but none mention this error when using a path variable.

I already put this config in place:

@EnableWebSecurity
public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors().and()
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/file/getFile/**").permitAll()
                .anyRequest().authenticated()
            .and()
            .httpBasic();
    }
}

and when I use the path variable, the response is always error 403 Forbidden.

ERROR

@RequestMapping(value = "/file")
@Service
public class FileService {
 .....
    @CrossOrigin(origins="http://localhost:8080", allowCredentials = "true")
    @RequestMapping(value = "/getFile/{fileId}", method = RequestMethod.POST)
    @ResponseBody
    public String getFile(@PathVariable(value = "fileId") String fileId) {
         ....
    }
}

But if I'm not using the path variable, it works.

SUCCESS

@RequestMapping(value = "/file")
@Service
public class FileService {
 .....
    @CrossOrigin(origins="http://localhost:8080", allowCredentials = "true")
    @RequestMapping(value = "/getFile", method = RequestMethod.POST)
    @ResponseBody
    public String getFile(@RequestBody String jsonFileId) {
         ....
    }
}

I'm calling this from JavaScript; below is the JavaScript request method. Example URL:

 http://localhost:8088/file/getFile/PUML1pZvusTlfBnlW3fdjElEw8O7iVXfj801GyFF7fWeqyvPzwf1GB9lwha3T9GOoq2KEDaqf01l3DMRYInV9yHAMfd5_W4vY0S7d0SS9qk

and the request method:

 $.ajax({
     url: url,
     type: "POST",
     data: data,
     dataType: 'json',
     contentType: "application/json;",
     crossDomain: true,
     cache: false,
     async: true,
     success: success,
     timeout: 30000,
     error: function(xhr, textStatus, errorThrown) {
         console.log(xhr.responseText);
     }
 });

The JavaScript error:

Access to XMLHttpRequest at 'http://localhost:8088/file/getFile/PUML1pZvusTlf.... from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I know I can do without the path variable, but using the path variable is more efficient in my case. So is there any solution to this issue? Thanks

CodePudding user response:

When you are using a path variable there is no POST body and the browser is not sending the application/json Content-Type header. Your controller endpoint is not matched and the server does not respond with an Access-Control-Allow-Origin header to a preflight request. Try sending some value in the POST body.
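
The browser-side check behind the error message quoted in the question, as an added example that is not part of the original question or answer: a simplified JavaScript model of when a request triggers a preflight and why a preflight response is rejected. The function names, the `askerRequest` object and the response objects it is meant to be called with are assumptions made for illustration.

```javascript
// Added example: simplified model of the browser's CORS preflight checks
// (after the Fetch standard). The request and responses used are constructed.
const SAFE_METHODS = ["GET", "HEAD", "POST"];
const SAFE_HEADERS = ["accept", "accept-language", "content-language"];
const SAFE_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];

const lower = (obj) =>
  Object.fromEntries(Object.entries(obj).map(([k, v]) => [k.toLowerCase(), String(v)]));
const tokens = (v) => (v || "").split(",").map((t) => t.trim().toLowerCase()).filter(Boolean);

// Request header names that are not CORS-safelisted, so the server must allow them.
function unsafeHeaders(req) {
  return Object.entries(lower(req.headers)).filter(([name, value]) => {
    if (name !== "content-type") return !SAFE_HEADERS.includes(name);
    return !SAFE_TYPES.includes(value.split(";")[0].trim().toLowerCase());
  }).map(([name]) => name);
}

// True when the browser sends an OPTIONS preflight before the actual request.
function needsPreflight(req) {
  return !SAFE_METHODS.includes(req.method.toUpperCase()) || unsafeHeaders(req).length > 0;
}

// Returns null when the preflight response passes, otherwise the blocking reason.
function preflightFailure(req, res) {
  const h = lower(res.headers);
  const allowOrigin = h["access-control-allow-origin"];
  const wildcardOk = !req.credentials; // "*" is only a wildcard without credentials
  // The Fetch standard lists the CORS check before the status check, so a 403
  // without CORS headers surfaces as a missing header, as in the error above.
  if (!allowOrigin) return "No 'Access-Control-Allow-Origin' header is present";
  if (allowOrigin !== req.origin && !(wildcardOk && allowOrigin === "*")) return "origin not allowed";
  if (req.credentials && h["access-control-allow-credentials"] !== "true") return "credentials not allowed";
  if (res.status < 200 || res.status > 299) return "preflight status is not 2xx";
  const method = req.method.toUpperCase();
  const methods = tokens(h["access-control-allow-methods"]);
  const methodOk = SAFE_METHODS.includes(method) || methods.includes(method.toLowerCase())
    || (wildcardOk && methods.includes("*"));
  if (!methodOk) return "method not allowed: " + method;
  const allowed = tokens(h["access-control-allow-headers"]);
  const anyHeader = wildcardOk && allowed.includes("*");
  const missing = unsafeHeaders(req).filter((n) => !anyHeader && !allowed.includes(n));
  return missing.length ? "header not allowed: " + missing.join(", ") : null;
}

// Shape of the question's request: JSON POST from http://localhost:8080, no credentials.
const askerRequest = {
  origin: "http://localhost:8080", method: "POST", credentials: false,
  headers: { "Content-Type": "application/json;" },
};
```

Calling `preflightFailure(askerRequest, { status: 403, headers: {} })` reproduces the missing-header reason, and the same call with a 2xx response carrying the origin and `content-type` in its allow headers returns `null`.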
