DEV Community

Kudzai Tsapo
Kudzai Tsapo

Posted on

Spring security, CORS and Axios!

Right, I was happily enjoying my day, doing awesome stuff ( not really ), when I got a message that my API was causing CORS issues!

Now, I thought this was weird, considering I had fixed those issues at the beginning. Last time we faced CORS issues, it was because someone was using an incorrect URL ( which of course didn't exist ), so the preflight request got a 404 error, resulting in the blasted CORS error.

Today, I thought it was the same issue. And boy, was I super wrong! After spending the whole day debugging why axios was being a bitch pain-in-the-somewhere, I totally realized something funny was going on. The URL was correct, meaning something else was going on.

So, what I finally realized was that Spring Security, by default validates OPTIONS requests, which are sent by Axios in a preflight request. And that's when it hit me, I had forgotten to disable that. 😅

All I had to do, was to go inside my WebSecurityConfig class, and inside the configure, put a http.cors(). Simple, right? Ah well, give me a break!

Top comments (1)

Collapse
 
rolandtreiber profile image
Roland Treiber

Created an account just to tell you that you saved me from an escalating headache. :)