Alles funktioniert lokal über Postman, schlägt aber mit einem CORS-Fehler fehl.
Wir haben keine CORS-Logik geändert. Fehlen uns zusätzliche Schritte, wenn es um Spring Boot 3 geht?
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.regex.Pattern;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsProcessor;
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.cors.DefaultCorsProcessor;
import org.springframework.web.servlet.HandlerInterceptor;
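/**
 * MVC interceptor that applies a fixed CORS policy and picks the allowed origin by matching the
 * request's {@code Origin} header against a configured regular expression.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code checkOrigin} is overridden without delegating to {@link CorsConfiguration}, so the
 *       regular expression (or the {@code "*"} shortcut) is the only origin gate.</li>
 *   <li>Credentials are always allowed. With the pattern {@code "*"} every request origin is
 *       echoed back together with credential support, i.e. any site may issue credentialed
 *       cross-origin requests and read the responses. Restrict {@code "*"} to environments
 *       where that is acceptable.</li>
 *   <li>The {@code Origin} header is client-controlled. The pattern must match the whole header
 *       value; escape literal dots (an unescaped {@code .} matches any character) and list the
 *       scheme and host explicitly so look-alike origins do not match.</li>
 * </ul>
 */
public class CorsInterceptor implements HandlerInterceptor {

    /** Configuration value that switches origin matching off and accepts every origin. */
    private static final String ANY_ORIGIN = "*";

    private final CorsConfiguration configuration;
    private final CorsProcessor corsProcessor;

    /**
     * Creates the interceptor.
     *
     * @param allowedOriginsPattern {@code "*"} to accept every origin, otherwise a regular
     *     expression that the complete {@code Origin} header value must match
     * @throws IllegalArgumentException if {@code allowedOriginsPattern} is {@code null}
     * @throws java.util.regex.PatternSyntaxException if the value is neither {@code "*"} nor a
     *     valid regular expression
     */
    public CorsInterceptor(String allowedOriginsPattern) {
        if (allowedOriginsPattern == null) {
            // Fail at start-up instead of on the first cross-origin request.
            throw new IllegalArgumentException("allowedOriginsPattern must not be null");
        }

        configuration = new CorsConfiguration();
        configuration.setAllowCredentials(true);
        configuration.setAllowedMethods(Arrays.asList("GET", "POST"));
        configuration.setAllowedHeaders(Arrays.asList(
                "some-key",
                "various-other-keys"));

        // "*" is not a valid regular expression, so it is handled as a flag and never compiled.
        final boolean anyOrigin = ANY_ORIGIN.equals(allowedOriginsPattern);
        // Compiled once here: a broken pattern is reported at construction time and requests
        // no longer pay for recompiling the expression.
        final Pattern originPattern = anyOrigin ? null : Pattern.compile(allowedOriginsPattern);

        corsProcessor = new DefaultCorsProcessor() {
            /**
             * Returns the request origin when it is acceptable, {@code null} otherwise.
             * The {@code config} argument is deliberately not consulted.
             */
            @Override
            protected String checkOrigin(CorsConfiguration config, String requestOrigin) {
                if (requestOrigin == null) {
                    return null;
                }
                // matches() requires the whole origin to match, exactly like String.matches.
                if (anyOrigin || originPattern.matcher(requestOrigin).matches()) {
                    return requestOrigin;
                }
                return null;
            }
        };
    }

    /**
     * Runs the CORS check for the request.
     *
     * @return {@code true} only when the CORS processor accepted the request and it is not a
     *     pre-flight request; in every other case handling stops here and the response is
     *     whatever the processor produced
     * @throws IOException if the processor fails while writing to the response
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException {
        boolean isValid = this.corsProcessor.processRequest(this.configuration, request, response);
        return isValid && !CorsUtils.isPreFlightRequest(request);
    }
}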
import com.company.filters.StatelessCsrfFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CsrfFilter;
/**
 * Spring Security configuration for the landing page.
 *
 * <p>The chain defined here declares no {@code cors(...)} setup and no authorization rules.
 * Cross-origin handling is left to the MVC-level {@code CorsInterceptor}, which only runs after
 * every servlet filter of this chain has let the request through.
 */
@Configuration
@EnableWebSecurity
public class LandingPageSecurityConfig {

    /**
     * Builds the security filter chain: the built-in CSRF protection is disabled and a
     * {@link StatelessCsrfFilter} is placed directly before the position of {@link CsrfFilter}.
     *
     * @param http the security builder supplied by Spring
     * @return the assembled filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Built-in CSRF support is turned off; the project's own filter below takes its place.
        http.csrf(AbstractHttpConfigurer::disable);

        // NOTE(review): pre-flight OPTIONS requests carry no cookies or custom headers and pass
        // through this filter before any MVC interceptor sees them - confirm that
        // StatelessCsrfFilter does not reject them, otherwise the browser reports a CORS error.
        http.addFilterBefore(new StatelessCsrfFilter(), CsrfFilter.class);

        return http.build();
    }
}
package com.aexp.mgm.landingpage.config;
import com.aexp.company.interceptors.CorsInterceptor;
import com.aexp.company.interceptors.RequestInterceptor;
import com.aexp.company.logging.LogInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.boot.web.servlet.support.ErrorPageFilter;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.context.annotation.*;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
 * Web MVC configuration for the landing page: exposes the {@link CorsInterceptor} bean and
 * registers the interceptors in a fixed order (CORS, logging, request).
 */
@Configuration
@EnableWebMvc
@EnableWebSecurity
@EnableCaching
public class LandingPageConfig implements WebMvcConfigurer {

    @Autowired
    private RequestInterceptor requestInterceptor;

    @Autowired
    private LogInterceptor logInterceptor;

    // Value of the allowed-origins property, handed unchanged to CorsInterceptor.
    // NOTE(review): the CorsInterceptor listing on this page treats "*" as "accept every origin"
    // and anything else as a regular expression, always with credentials allowed - verify the
    // value deployed per environment is as narrow as intended.
    @Value("${allowed-origins}")
    private String allowedOriginsPattern;

    /**
     * Creates the CORS interceptor from the configured origin pattern.
     *
     * @return the interceptor bean
     */
    @Bean
    public CorsInterceptor corsInterceptor() {
        final CorsInterceptor interceptor = new CorsInterceptor(allowedOriginsPattern);
        return interceptor;
    }

    /**
     * Registers the interceptors; the CORS check is added first, before logging and request
     * handling.
     *
     * @param registry the registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        final CorsInterceptor cors = corsInterceptor();
        registry.addInterceptor(cors);
        registry.addInterceptor(logInterceptor);
        registry.addInterceptor(requestInterceptor);
    }
}