Hello everyone, good day. I have no problem when I send a request from my frontend project in Vercell to my local server, but I get a cors error when I send a request from local or vercell to my server in fly.io. Is there a cors setting I need to edit in fly.io? I set my own cors settings in my spring boot project, but I still get a cors error when I send a request. Thank you in advance.
This doesn’t sound like something fly.io should affect, but it does sound like a dev vs. prod difference.
Can you show us the request and response headers for failing requests? Is the response ok, or is it an error response?
Spring is always very tricky to configure cors settings.
Have you made sure that the bean that you are configured is invoked?
Sometimes it’s the matter of bean priority - maybe default one is overriding your config.
Can you show us what are the response headers from your app (from the network tab in browser)?
You can try to do it manual way - create new Filter bean and add cors headers manually.
However you could encounter same issue if the filter with cors headers will be added before security filter.
Also, have you checked the latests spring / spring security docs (tutorials on the internet are often kinda deprecated)?
https://docs.spring.io/spring-security/reference/servlet/integrations/cors.html
Maybe you should return the UrlBasedCorsConfigurationSource instead?
Yes, I did it by checking the last document. I don’t think there is bean priority because there is not more than one configuration. I really don’t understand where the error is.
The thing is spring boot is registering automatically so many things on it’s own. I had to debug spring framework few times in order to understand and fix simillar issues.
You could start with trying to add @Primary bean to the cors bean and @Primary bean to the security config bean
Is it intellij ultimate? Im not sure whyt filterChain method is mark as not used.
Do you have @Configuration annotation above the class where you have this “filterChain” method?
Thanks for the screenshots, however you haven’t shown the “Response headers”.
Postman works, because CORS are browser and browser only thing. Browser is simply checking if domains match, if not, browser expect few headers in the response from the server (Resonse Headers). In the conole you can see the header that is missing “Allow-Control-Allow-Origin”.
Filters :: Spring Framework. Maybe default CORS filter for some reason is still there and is overriding yours. If that is the case @Primary annotation would help.
If my theory is right about the MVC Cors filter you should be able to solve the issue by following CORS :: Spring Framework
In my Spring app (Framework 6.4) I’ve used WebMvcConfigurer to configure CORS settings and I am using Spring Security as well.
I just have to mention - if it’s not showcase for a job or you want to learn Spring for a job i strongly advice against learning it - it’s terrible for learning web development.
I work with at my day job and Spring is full of issues like this one - at the end they end up to be kinda stupid, but it doesn’t mean you just haven’t wasted 3 hours of your life fixing it. And most often you haven’t learned anything in these 3 hours, becase you were working with Spring abstraction on top of web dev, not on the web dev. I know many Spring developrs that doesn’t know what happens after you return POJO from the controller.
Check the repo please, I created PR.
1 Like
Thanks when i arrived my home. i check the repo
Hi, thank you for the comment lines you added and the advice you gave, I have reviewed them one by one. I have applied the changes you made to my repo.Thank you again for your time. I still don’t understand why it’s not fixed.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.