Global CORS configuration with GlobalFilter #1690
Comments
I'm afraid I don't understand this question. Can you be more specific?
@kadimulam What are you trying to achieve with the global filter?
@kadimulam Can you provide a Git repo that we can clone with a unit test that illustrates the failure?
@spencergibb, sorry if I did not explain properly.
@tony-clarke-amdocs, unfortunately I cannot share the repo. In GlobalFilter I have some business logic that gets executed for all the requests. Within GlobalFilter I added the above IF condition for the OPTIONS call as the request is first received by GlobalFilter.
@spencergibb, I can do some research and fix my issue if you could provide some documentation which shows how CORS should be configured when using GlobalFilter.
I am not following:
Also, we don't want your private repo, just a minimal one that reproduces the problem.
@tony-clarke-amdocs, @spencergibb when we disabled MyGlobalFilter then OPTIONS calls are working as expected and POST calls are successful. It's only when MyGlobalFilter is configured that OPTIONS calls are hitting MyGlobalFilter. As of now the Order is HIGHEST_PRECEDENCE; how do I reduce the precedence so that the CORS filter executes first and then MyGlobalFilter? I tried to set MyGlobalFilter to '0', but it didn't work (I mean OPTIONS calls are hitting MyGlobalFilter).
If the CorsPreFlight processor runs then the remaining handler worker is shortcut and just the CORS headers are returned. You can see this here. But you are saying the opposite. If you can provide a Git repo to look at I can look into it more.
@spencergibb, @tony-clarke-amdocs, please find a dummy implementation which has the issue I am facing.
1) After running the Spring Cloud Gateway project and the Controller, run OPTIONS call for below endpoint. You will see MyGlobalFilter gets triggered. Is this the expected behavior? If this gets triggered there is no point in configuring the global CORS. I believe the developer should not code for OPTIONS inside MyGlobalFilter. Do you agree?
2) Remove MyGlobalFilter, deploy Spring Cloud Gateway and rerun the above OPTIONS call. It will send 200 OK. This is expected and I would expect the same behavior even when I have MyGlobalFilter. Based on my analysis, I believe somewhere we are overriding the precedence of global CORS in #1 scenario above.
I have provided all the information including a sample project for troubleshooting the issue. Please advise.
This is a dummy Spring Cloud Gateway project which runs on 8080.
Place this Controller in any of the SpringBoot projects and run locally on 8081.
A number of follow up points:
Everything looks to be behaving correctly in the APIGW.
@tony-clarke-amdocs, when I added Access-Control-Request-Method it worked. Thank you! And one more issue with my configuration was there was a typo in field 'corsConfigurations'. On my actual repo I specified it as 'corsConfiguration' and that is the reason it did not work from the application UI. I will correct it and verify from the UI. One more thing, how do I pass allowedOrigins to allow a range of subdomains?
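The header requirement found above, shown as an added example that is not part of the original thread or the project's code: Spring's `CorsUtils.isPreFlightRequest` treats a request as a CORS preflight only when it is an OPTIONS request carrying both `Origin` and `Access-Control-Request-Method`. The filter below (the class name `PreflightDiagnosticFilter` and its log wording are hypothetical) logs which of those is missing whenever an OPTIONS request reaches the gateway's filter chain.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.web.cors.reactive.CorsUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

// Added example: hypothetical diagnostic filter, not code from the thread.
@Component
public class PreflightDiagnosticFilter implements GlobalFilter, Ordered {

    private static final Logger log = LoggerFactory.getLogger(PreflightDiagnosticFilter.class);

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        if (HttpMethod.OPTIONS.equals(request.getMethod())) {
            log.warn("OPTIONS {} reached the filter chain: {}",
                    request.getURI().getPath(), explain(request));
        }
        // Observe only; the request continues down the chain unchanged.
        return chain.filter(exchange);
    }

    // Reports which preflight requirement the request fails, if any.
    static String explain(ServerHttpRequest request) {
        HttpHeaders headers = request.getHeaders();
        if (CorsUtils.isPreFlightRequest(request)) {
            return "qualifies as a CORS preflight (Origin and Access-Control-Request-Method present)";
        }
        if (headers.getFirst(HttpHeaders.ORIGIN) == null) {
            return "no Origin header, so it is a plain OPTIONS request, not a CORS request";
        }
        if (headers.getFirst(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) == null) {
            return "Origin present but no Access-Control-Request-Method, so it is not a preflight";
        }
        return "headers present but CorsUtils did not classify it as a preflight";
    }

    @Override
    public int getOrder() { return Ordered.HIGHEST_PRECEDENCE; } // run before business-logic filters
}
```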
As far as I can tell Spring supports "*" to permit all origins...but I don't think you can specify a wildcard to represent a subdomain. @rstoyanchev might be able to confirm/deny.
I'm going to go ahead and close this as working. Feel free to continue the conversation though. Thanks @tony-clarke-amdocs for the help.
I've faced similar problems like @kadimulam. If I follow @kadimulam's approach of configuring CORS in the application.yml file then I get
I'm using APIGW 2.2.6.RELEASE
We are using Global CORS configurations with GlobalFilter as shown below
MyGlobalFilter.java
With the above configuration, the request comes into GlobalFilter and satisfies the above OPTIONS if conditions for POST calls and returns 200 but we do not see the CORS headers set on the browser. Our actual POST call does not happen and the request does not proceed. Is this the correct approach for handling CORS with GlobalFilter?
For OPTIONS call is it possible to send 200 OK directly from bootstrap.yaml config itself instead of entering into GlobalFilter and then handling OPTIONS? Please advise.