I am in the following situation, I configured cors. I hosted my app using tomcat10 and the frontend is React. With the development server of Springboot, locally everythin works fine. But when hosted in production, where it should work it does not. This is my configuration
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception{
logger.info(keySetUri);
httpSecurity.oauth2ResourceServer(
c -> c.jwt(
j -> j.jwkSetUri(keySetUri)
)
);
httpSecurity.cors(c -> {
CorsConfigurationSource source = request -> {
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOrigins(
List.of("http://192.000.0.000:3000", "http://localhost:3000", "http://www.exemple.com:3001", "http://www.example.com:8080", "http://www.example.com:8081")
);
config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
config.setAllowedHeaders(List.of("*"));
return config;
};
c.configurationSource(source);
});
httpSecurity.csrf(c -> c.disable());
httpSecurity.authorizeRequests()
// .requestMatchers("/api/admin/**").authenticated() //cors não funciona para post
.anyRequest().permitAll();
;
return httpSecurity.build();
}
I get the header Access-Control-Allow-Origin http://www.example.com:3001 for get, options but not to post requests. I am really stuck because the code is there, if it doesn't do what I programmed what can I do?
This is my get request headers
This is my options request headers
this is my Java bugged post request thing