I am using a Api Rest with Spring boot with a basic auth of spring security, When I make the request to the backend with Angular it gives me as a result a problem with the Cors 'login:
1 Failed to load link : Request header field Cache-Control is not allowed by Access-Control-Allow-Headers in preflight response. '
I leave you how are the configurations.
WebSecurityConfig code (basic auth of spring security)
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(new CorsFilter(), ChannelProcessingFilter.class);
http.authorizeRequests().antMatchers("/").permitAll().anyRequest().fullyAuthenticated().and().httpBasic().and()
.csrf().disable();
}
}
Code of the CorsFiltes.
@Component
@Configuration
public class CorsFilter implements Filter {
private final Logger log = LoggerFactory.getLogger(CorsFilter.class);
public CorsFilter() {
log.info("SimpleCORSFilter init");
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers",
"Content-Type, Accept, X-Requested-With, remember-me, authorization, x-auth-token");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
Configuring the headers in angular (Login Service)
@Injectable()
export class LoginService {
private url = environment.REST_API_URL;
private headers;
private options;
constructor(public http: Http) {
this.headers = new Headers({
'Content-Type': 'application/json',
'Cache-Control': 'no-cache',
'Authorization': 'Basic dXNlcjpwcm9fR2FjZTIwMTg=',
})
}
loguearAlumno(personaLoguear) {
//Peticion al backend
return this.http.post(this.url + 'alumno/loginAlumno', JSON.stringify(personaLoguear),
{ headers: this.headers }).map(res => res.json());
}
}