DEV Community

Kudzai Tsapo
Kudzai Tsapo

Posted on

Spring security, CORS and Axios!

Right, I was happily enjoying my day, doing awesome stuff ( not really ), when I got a message that my API was causing CORS issues!

Now, I thought this was weird, considering I had fixed those issues at the beginning. Last time we faced CORS issues, it was because someone was using an incorrect URL ( which of course didn't exist ), so the preflight request got a 404 error, resulting in the blasted CORS error.

Today, I thought it was the same issue. And boy, was I super wrong! After spending the whole day debugging why axios was being a bitch pain-in-the-somewhere, I totally realized something funny was going on. The URL was correct, meaning something else was going on.

So, what I finally realized was that Spring Security, by default validates OPTIONS requests, which are sent by Axios in a preflight request. And that's when it hit me, I had forgotten to disable that. 😅

All I had to do, was to go inside my WebSecurityConfig class, and inside the configure, put a http.cors(). Simple, right? Ah well, give me a break!

Heroku

Build apps, not infrastructure.

Dealing with servers, hardware, and infrastructure can take up your valuable time. Discover the benefits of Heroku, the PaaS of choice for developers since 2007.

Visit Site

Top comments (1)

Collapse
 
rolandtreiber profile image
Roland Treiber

Created an account just to tell you that you saved me from an escalating headache. :)

Postmark Image

Speedy emails, satisfied customers

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay