-
-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bugfix: CORS config on error handling #555
base: main
Are you sure you want to change the base?
Conversation
* add Access-Control-Allow-Credentials=true * use real request origin instead of '*' to fill Access-Control-Allow-Origin, due to high security standards of modern browsers
c01ed86
to
615e043
Compare
Hi, which issues are you experiencing besides seeing an error in your dev console? What are we trying to fix here exactly? |
Hi! Without the first change I described ( After fixing that, the second change (in By the way, all the changes in this PR aim to facilitate running the product in dev mode and will not provide any improvement in the production mode. |
That's weird, as this works for me and the other folks, given you're not running the backend with SSL enabled. I don't mind these changes for dev purposes, but I previously considered allowing the end user to configure cors for production via properties rather than just disabling it completely. |
* add Access-Control-Allow-Credentials=true * use real request origin instead of '*' to fill Access-Control-Allow-Origin, due to high security standards of modern browsers
615e043
to
aebf6b2
Compare
What changes did you make? (Give an overview)
GlobalErrorWebExceptionHandler
) baypasses CORS configs inCorsGlobalConfiguration
, causing "Something went wrong: An error occurred" instead of "405 Method Not Allowed: This cluster is in read-only mode." in frontend. It seems that we should manually fill response headers in error handler, too.I splitted changes into multiple commits to make tracking chnages easier.
Is there anything you'd like reviewers to focus on?
Spring web CORS configurations
How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)
Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)
Check out Contributing and Code of Conduct
A picture of a cute animal