New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cors reference documentation seems incomplete/innacurate #14852
Comments
So I finally tracked down my issue by stepping through the filter chain with the debugger... hrm... I opened another bug spring-projects/spring-framework#32580 this seems like it's a logging issue as much as anything. I don't know how I was supposed to figure out the problem was that spring was being "smart" about header output. Leaving this open in case these docs could be improved, though I'm going to speculate I would have missed it unless it was loud. I have also asked for improvements to the docs in the gs guide spring-guides/gs-rest-service-cors#39 |
Is there an intermediate fix for something like actuator that you've found? I've been stuck on this for hours and had to create an incredibly janky implementation for a similar issue with spring-cloud-gateway. |
Uh, I'm not sure if I understand the question/problem you're having. I tracked mine down to a header that needed to be sent in the request that is normally sent by a web browser, but it's not generally sent from other clients unless you tell it to. |
Sorry, I think I'm in the same boat. I have an empty project with spring-web-starter, spring-security-starter and a SecurityFilterChain. Following the documentation to the letter and can't make any progress into actually disabling cors successfully for RestController endpoints or actuator endpoints. I also just think there must be something missing from the documentation, and can't figure out a way around it. |
Sounds like the inverse of my problem which was getting the Cors headers to actually trigger |
I've lost my mind trying things here. This is only my latest attempt, I've basically been in "add" mode.
The documentation suggests this should be enough.
https://docs.spring.io/spring-security/reference/servlet/integrations/cors.html
The text was updated successfully, but these errors were encountered: