CORS : Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request [duplicate]

Asked 13/6, 2019 at 13:26 Answered 6/5, 2022 at 11:48

java spring-boot cors openshift same-origin-policy

I am trying to integrate the angualar js app with the backend spring boot , in which i am facing the redirection is not allowed for a preflight request

This is deployed on openshift , i have configured to enabled cors by adding few annotation in the controller method , which helped me to solve the : Request doesnot have "Access-Control-Allow-Origin" header in the incoming request : CORS policy issue.

    @CrossOrigin(allowedHeaders = "*", origins = "*", exposedHeaders = 
        "Access-Control-Allow-Origin", methods = {
          RequestMethod.POST, RequestMethod.GET, RequestMethod.PUT, 
    RequestMethod.DELETE, RequestMethod.HEAD,
          RequestMethod.OPTIONS, RequestMethod.PATCH, RequestMethod.TRACE })
    @RestController
    public class Controller {

   @Autowired
   Service botService;

   @Autowired
   Environment env;

   @CrossOrigin()
   @RequestMapping(value = "/jwtToken", method = {
                 RequestMethod.POST }, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE)
   @ResponseStatus(HttpStatus.OK)
   public ResponseEntity<UnifiedService> botConntor(                     
                 @RequestBody UnifiedInput input, HttpServletRequest request) {
          UnifiedBPMService output = botService.processBotRequest(input, request);
          return new ResponseEntity<UnifiedService>(output, HttpStatus.OK);
   }

The error which i get in the actual angular app is:

Access to XMLHttpRequest at 'http:///chatbot/api/jwtToken' from origin 'http://' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

The options call has returned the below respose :

    Request URL: http://<domain>/chatbot/api/jwtToken
    Request Method: OPTIONS
    Status Code: 302 Found
    Remote Address: 10.235.222.220:80
    Referrer Policy: no-referrer-when-downgrade

Magnetron answered 13/6, 2019 at 13:26 Comment(4)

You can try adding @CrossOrigin(origins = { "*" }, maxAge = 4800, allowCredentials = "false") but origins should be * and remove exposed headers – Gloaming 13/6, 2019 at 13:31

@AhmadQureshi : the suggested changes did not help to solve the problem. still i get the same error – Magnetron 13/6, 2019 at 13:53

can you try removing @CorsOrigin from the method level – Gloaming 18/6, 2019 at 14:29

@AhmadQureshi : removed, but still same issue – Magnetron 18/6, 2019 at 16:20

Your backend is redirecting (302) instead of sending a proper response (200) to the OPTIONS/preflight request. Check your backend logs to see why it is redirecting. It may be something like Spring security denying the OPTIONS request and redirecting to your login page.

Tarpley answered 14/7, 2019 at 19:37 Comment(3)

I am facing the same issue but the backend log does not have any data at all. – Ilo 1/8, 2019 at 5:16

I am facing the same issue. When you are using an SSO server, you need to do a redirection on the server side instead of sending 403. – Microscopy 13/11, 2021 at 6:45

I'm not sure if this will help at all, but Spring security logging is generally very minimal in situations like this. The first step I always go to is enabling debug logging. Try -Dlogging.level.org.springframework.security=DEBUG – Pyongyang 15/11, 2021 at 1:8

-1

I faced the same issue. My problem is it redirects to login page because i used Spring Security. To see if it is the same with you, you can see server logs. But you need to enable logging for Spring Security. For spring boot projects, in application.yml file:

logging:
  level:
    org:
      springframework:
        security: DEBUG

Chutney answered 6/5, 2022 at 11:48 Comment(0)

Recommended topics

Hot tags