Invalid CORS request for post call?










0















Request URL: ******
Request Method: OPTIONS
Status Code: 403
Remote Address: ****
Referrer Policy: no-referrer-when-downgrade


For the post call browser showing it as OPTIONS.



The following is the server code:



@Bean
public WebMvcConfigurer corsConfigurer()
return new WebMvcConfigurerAdapter()
@Override
public void addCorsMappings(CorsRegistry registry)
System.out.println("onboard cors");

registry.addMapping("/**").allowedMethods("GET", "PUT", "POST", "DELETE", "OPTIONS").allowedOrigins("*").allowedHeaders("*");

;



The above code is working fine when I directly call the respective service.



But getting 'invalid cors request' error by calling the service through zuul api gateway.



Any suggestions plz?










share|improve this question
























  • It's the preflight check by the browser, and to get ride of it you must implement crossorigin, I simply added CrossOrigin annotation in my controllers and worked. If you have spring security in your project, the configuration you added isn't enough.

    – Mohamed EL AYADI
    Nov 14 '18 at 11:49











  • Hi Mohamed, I tried the above method but didnt work. I tried 3 ways 1. Global CORS 2. Controller level 3. Method level

    – Karthik P
    Nov 14 '18 at 13:47











  • The above code working but we are using zuul api gateway, by calling the post call through zuul api gateway is not working. By calling the respective service directly it is working fine.

    – Karthik P
    Nov 14 '18 at 14:28











  • Sorry to hear that, but i think you must have mentionned that the problem is at zuul level not the microservice itself. Good luck

    – Mohamed EL AYADI
    Nov 15 '18 at 9:27















0















Request URL: ******
Request Method: OPTIONS
Status Code: 403
Remote Address: ****
Referrer Policy: no-referrer-when-downgrade


For the post call browser showing it as OPTIONS.



The following is the server code:



@Bean
public WebMvcConfigurer corsConfigurer()
return new WebMvcConfigurerAdapter()
@Override
public void addCorsMappings(CorsRegistry registry)
System.out.println("onboard cors");

registry.addMapping("/**").allowedMethods("GET", "PUT", "POST", "DELETE", "OPTIONS").allowedOrigins("*").allowedHeaders("*");

;



The above code is working fine when I directly call the respective service.



But getting 'invalid cors request' error by calling the service through zuul api gateway.



Any suggestions plz?










share|improve this question
























  • It's the preflight check by the browser, and to get ride of it you must implement crossorigin, I simply added CrossOrigin annotation in my controllers and worked. If you have spring security in your project, the configuration you added isn't enough.

    – Mohamed EL AYADI
    Nov 14 '18 at 11:49











  • Hi Mohamed, I tried the above method but didnt work. I tried 3 ways 1. Global CORS 2. Controller level 3. Method level

    – Karthik P
    Nov 14 '18 at 13:47











  • The above code working but we are using zuul api gateway, by calling the post call through zuul api gateway is not working. By calling the respective service directly it is working fine.

    – Karthik P
    Nov 14 '18 at 14:28











  • Sorry to hear that, but i think you must have mentionned that the problem is at zuul level not the microservice itself. Good luck

    – Mohamed EL AYADI
    Nov 15 '18 at 9:27













0












0








0








Request URL: ******
Request Method: OPTIONS
Status Code: 403
Remote Address: ****
Referrer Policy: no-referrer-when-downgrade


For the post call browser showing it as OPTIONS.



The following is the server code:



@Bean
public WebMvcConfigurer corsConfigurer()
return new WebMvcConfigurerAdapter()
@Override
public void addCorsMappings(CorsRegistry registry)
System.out.println("onboard cors");

registry.addMapping("/**").allowedMethods("GET", "PUT", "POST", "DELETE", "OPTIONS").allowedOrigins("*").allowedHeaders("*");

;



The above code is working fine when I directly call the respective service.



But getting 'invalid cors request' error by calling the service through zuul api gateway.



Any suggestions plz?










share|improve this question
















Request URL: ******
Request Method: OPTIONS
Status Code: 403
Remote Address: ****
Referrer Policy: no-referrer-when-downgrade


For the post call browser showing it as OPTIONS.



The following is the server code:



@Bean
public WebMvcConfigurer corsConfigurer()
return new WebMvcConfigurerAdapter()
@Override
public void addCorsMappings(CorsRegistry registry)
System.out.println("onboard cors");

registry.addMapping("/**").allowedMethods("GET", "PUT", "POST", "DELETE", "OPTIONS").allowedOrigins("*").allowedHeaders("*");

;



The above code is working fine when I directly call the respective service.



But getting 'invalid cors request' error by calling the service through zuul api gateway.



Any suggestions plz?







java spring spring-boot netflix-zuul






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 14 '18 at 14:30







Karthik P

















asked Nov 14 '18 at 11:10









Karthik PKarthik P

336




336












  • It's the preflight check by the browser, and to get ride of it you must implement crossorigin, I simply added CrossOrigin annotation in my controllers and worked. If you have spring security in your project, the configuration you added isn't enough.

    – Mohamed EL AYADI
    Nov 14 '18 at 11:49











  • Hi Mohamed, I tried the above method but didnt work. I tried 3 ways 1. Global CORS 2. Controller level 3. Method level

    – Karthik P
    Nov 14 '18 at 13:47











  • The above code working but we are using zuul api gateway, by calling the post call through zuul api gateway is not working. By calling the respective service directly it is working fine.

    – Karthik P
    Nov 14 '18 at 14:28











  • Sorry to hear that, but i think you must have mentionned that the problem is at zuul level not the microservice itself. Good luck

    – Mohamed EL AYADI
    Nov 15 '18 at 9:27

















  • It's the preflight check by the browser, and to get ride of it you must implement crossorigin, I simply added CrossOrigin annotation in my controllers and worked. If you have spring security in your project, the configuration you added isn't enough.

    – Mohamed EL AYADI
    Nov 14 '18 at 11:49











  • Hi Mohamed, I tried the above method but didnt work. I tried 3 ways 1. Global CORS 2. Controller level 3. Method level

    – Karthik P
    Nov 14 '18 at 13:47











  • The above code working but we are using zuul api gateway, by calling the post call through zuul api gateway is not working. By calling the respective service directly it is working fine.

    – Karthik P
    Nov 14 '18 at 14:28











  • Sorry to hear that, but i think you must have mentionned that the problem is at zuul level not the microservice itself. Good luck

    – Mohamed EL AYADI
    Nov 15 '18 at 9:27
















It's the preflight check by the browser, and to get ride of it you must implement crossorigin, I simply added CrossOrigin annotation in my controllers and worked. If you have spring security in your project, the configuration you added isn't enough.

– Mohamed EL AYADI
Nov 14 '18 at 11:49





It's the preflight check by the browser, and to get ride of it you must implement crossorigin, I simply added CrossOrigin annotation in my controllers and worked. If you have spring security in your project, the configuration you added isn't enough.

– Mohamed EL AYADI
Nov 14 '18 at 11:49













Hi Mohamed, I tried the above method but didnt work. I tried 3 ways 1. Global CORS 2. Controller level 3. Method level

– Karthik P
Nov 14 '18 at 13:47





Hi Mohamed, I tried the above method but didnt work. I tried 3 ways 1. Global CORS 2. Controller level 3. Method level

– Karthik P
Nov 14 '18 at 13:47













The above code working but we are using zuul api gateway, by calling the post call through zuul api gateway is not working. By calling the respective service directly it is working fine.

– Karthik P
Nov 14 '18 at 14:28





The above code working but we are using zuul api gateway, by calling the post call through zuul api gateway is not working. By calling the respective service directly it is working fine.

– Karthik P
Nov 14 '18 at 14:28













Sorry to hear that, but i think you must have mentionned that the problem is at zuul level not the microservice itself. Good luck

– Mohamed EL AYADI
Nov 15 '18 at 9:27





Sorry to hear that, but i think you must have mentionned that the problem is at zuul level not the microservice itself. Good luck

– Mohamed EL AYADI
Nov 15 '18 at 9:27












2 Answers
2






active

oldest

votes


















1














Your browser first checks if POST method is safe to send to the endpoint and if yes then does POST request. You should provide permissions to OPTIONS method and respond it with Allow: GET, HEAD, POST and all should be okay. I faced that problem while working with Python, so it's all about CORS and does not depend on platform.



See more information about it here






share|improve this answer
































    0














    The following solution worked for me.



    Add the below code in zuul project:



    @Bean
    public FilterRegistrationBean corsFilter()
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");
    source.registerCorsConfiguration("/**", config);
    FilterRegistrationBean bean = new FilterRegistrationBean(new org.springframework.web.filter.CorsFilter(source));
    bean.setOrder(0);
    return bean;



    Adding corsfilter code in all microservices is not required.



    Reference: https://stackoverflow.com/a/46277194/4132466






    share|improve this answer






















      Your Answer






      StackExchange.ifUsing("editor", function ()
      StackExchange.using("externalEditor", function ()
      StackExchange.using("snippets", function ()
      StackExchange.snippets.init();
      );
      );
      , "code-snippets");

      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "1"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53298839%2finvalid-cors-request-for-post-call%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      1














      Your browser first checks if POST method is safe to send to the endpoint and if yes then does POST request. You should provide permissions to OPTIONS method and respond it with Allow: GET, HEAD, POST and all should be okay. I faced that problem while working with Python, so it's all about CORS and does not depend on platform.



      See more information about it here






      share|improve this answer





























        1














        Your browser first checks if POST method is safe to send to the endpoint and if yes then does POST request. You should provide permissions to OPTIONS method and respond it with Allow: GET, HEAD, POST and all should be okay. I faced that problem while working with Python, so it's all about CORS and does not depend on platform.



        See more information about it here






        share|improve this answer



























          1












          1








          1







          Your browser first checks if POST method is safe to send to the endpoint and if yes then does POST request. You should provide permissions to OPTIONS method and respond it with Allow: GET, HEAD, POST and all should be okay. I faced that problem while working with Python, so it's all about CORS and does not depend on platform.



          See more information about it here






          share|improve this answer















          Your browser first checks if POST method is safe to send to the endpoint and if yes then does POST request. You should provide permissions to OPTIONS method and respond it with Allow: GET, HEAD, POST and all should be okay. I faced that problem while working with Python, so it's all about CORS and does not depend on platform.



          See more information about it here







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Nov 14 '18 at 12:05

























          answered Nov 14 '18 at 11:45









          barbarianbarbarian

          307416




          307416























              0














              The following solution worked for me.



              Add the below code in zuul project:



              @Bean
              public FilterRegistrationBean corsFilter()
              UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
              CorsConfiguration config = new CorsConfiguration();
              config.setAllowCredentials(true);
              config.addAllowedOrigin("*");
              config.addAllowedHeader("*");
              config.addAllowedMethod("*");
              source.registerCorsConfiguration("/**", config);
              FilterRegistrationBean bean = new FilterRegistrationBean(new org.springframework.web.filter.CorsFilter(source));
              bean.setOrder(0);
              return bean;



              Adding corsfilter code in all microservices is not required.



              Reference: https://stackoverflow.com/a/46277194/4132466






              share|improve this answer



























                0














                The following solution worked for me.



                Add the below code in zuul project:



                @Bean
                public FilterRegistrationBean corsFilter()
                UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
                CorsConfiguration config = new CorsConfiguration();
                config.setAllowCredentials(true);
                config.addAllowedOrigin("*");
                config.addAllowedHeader("*");
                config.addAllowedMethod("*");
                source.registerCorsConfiguration("/**", config);
                FilterRegistrationBean bean = new FilterRegistrationBean(new org.springframework.web.filter.CorsFilter(source));
                bean.setOrder(0);
                return bean;



                Adding corsfilter code in all microservices is not required.



                Reference: https://stackoverflow.com/a/46277194/4132466






                share|improve this answer

























                  0












                  0








                  0







                  The following solution worked for me.



                  Add the below code in zuul project:



                  @Bean
                  public FilterRegistrationBean corsFilter()
                  UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
                  CorsConfiguration config = new CorsConfiguration();
                  config.setAllowCredentials(true);
                  config.addAllowedOrigin("*");
                  config.addAllowedHeader("*");
                  config.addAllowedMethod("*");
                  source.registerCorsConfiguration("/**", config);
                  FilterRegistrationBean bean = new FilterRegistrationBean(new org.springframework.web.filter.CorsFilter(source));
                  bean.setOrder(0);
                  return bean;



                  Adding corsfilter code in all microservices is not required.



                  Reference: https://stackoverflow.com/a/46277194/4132466






                  share|improve this answer













                  The following solution worked for me.



                  Add the below code in zuul project:



                  @Bean
                  public FilterRegistrationBean corsFilter()
                  UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
                  CorsConfiguration config = new CorsConfiguration();
                  config.setAllowCredentials(true);
                  config.addAllowedOrigin("*");
                  config.addAllowedHeader("*");
                  config.addAllowedMethod("*");
                  source.registerCorsConfiguration("/**", config);
                  FilterRegistrationBean bean = new FilterRegistrationBean(new org.springframework.web.filter.CorsFilter(source));
                  bean.setOrder(0);
                  return bean;



                  Adding corsfilter code in all microservices is not required.



                  Reference: https://stackoverflow.com/a/46277194/4132466







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 14 '18 at 14:47









                  Karthik PKarthik P

                  336




                  336



























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Stack Overflow!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53298839%2finvalid-cors-request-for-post-call%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      這個網誌中的熱門文章

                      How to read a connectionString WITH PROVIDER in .NET Core?

                      Node.js Script on GitHub Pages or Amazon S3

                      Museum of Modern and Contemporary Art of Trento and Rovereto