Issue
this is my very first post so forgive me if i do not include all the proper information you need to help me.
I created a spring boot backend server Rest API that uses spring security. When i call this api through my react project, i initially got a 500 status response telling me that the request has been blocked be CORS. I solved is issue though with the following corsConfig file:
@Configuration
public class CorsConfig {
@Bean
public WebMvcConfigurer corsConfigurer(){
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("GET", "POST", "PUT", "DELETE")
.allowedHeaders("*")
.allowedOrigins("*");
}
};
}
}
And when i run the react project(localhost:3000) and the spring api(localhost:8080) everything runs fine. I can even see from the headers that it returns "Access-Control-Allow-Origin: *".
Below is also my spring security configurations:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and();
http.csrf().disable().authorizeRequests()
.antMatchers("/api/auth/**").permitAll()
.anyRequest().authenticated()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.cors();
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
The issue i am having is that i have now deployed my spring boot api on a docker container running on aws ecs fargate, and i now get the 500 status response again and i can also see that the header "Access-Control-Allow-Origin: *" is no longer present in the response.
So to quickly sum up. Everything works fine locally, the issue is only there when i call my backend api running AWS.
I have also tried using @CrossOrigin(origins = "*") on my restController class.
I have found similar issues out there, but they all seem to be when people are running their applications locally, and has been fixed by the solutions i have already used.
It seems to me that this issue is related to AWS somehow, but i am not sure. I hope someone can point me in the right directions here, and please let me know if i need to provide more screenshots of something. Thank you.
Solution
sometime other Internal Server Error hidden behind CROS, please try to check the application logs,if possible redirect them to cloudWatch logs.
I doubt Access-Control-Allow-Origin is causing your 500 errors, it's not the main source of the problem, some other part of your code cause the issue.
Answered By - MrOverflow
Answer Checked By - Marie Seifert (JavaFixing Admin)