
When allowCredentials is true, allowedOrigins cannot contain the special value "*"

When I upgrade to Spring Boot 2.4.9, the app shows an error like this:

[10:07:07:487] [ERROR] - org.apache.juli.logging.DirectJDKLog.log(DirectJDKLog.java:175) - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
    at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473) ~[spring-web-5.3.9.jar!/:5.3.9]
    at org.springframework.web.cors.CorsConfiguration.checkOrigin(CorsConfiguration.java:577) ~[spring-web-5.3.9.jar!/:5.3.9]
    at org.springframework.web.cors.DefaultCorsProcessor.checkOrigin(DefaultCorsProcessor.java:174) ~[spring-web-5.3.9.jar!/:5.3.9]
    at org.springframework.web.cors.DefaultCorsProcessor.handleInternal(DefaultCorsProcessor.java:116) ~[spring-web-5.3.9.jar!/:5.3.9]
    at org.springframework.web.cors.DefaultCorsProcessor.processRequest(DefaultCorsProcessor.java:95) ~[spring-web-5.3.9.jar!/:5.3.9]
    at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:87) ~[spring-web-5.3.9.jar!/:5.3.9]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.9.jar!/:5.3.9]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) ~[tomcat-embed-core-9.0.50.jar!/:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) ~[tomcat-embed-core-9.0.50.jar!/:?]
    at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:141) ~[spring-session-core-2.4.4.jar!/:2.4.4]
    at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82) ~[spring-session-core-2.4.4.jar!/:2.4.4]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) ~[tomcat-embed-core-9.0.50.jar!/:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) ~[tomcat-embed-core-9.0.50.jar!/:?]
    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:97) ~[spring-boot-actuator-2.4.9.jar!/:2.4.9]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.9.jar!/:5.3.9]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) ~[tomcat-embed-core-9.0.50.jar!/:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) ~[tomcat-embed-core-9.0.50.jar!/:?]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.9.jar!/:5.3.9]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.9.jar!/:5.3.9]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) ~[tomcat-embed-core-9.0.50.jar!/:?]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) ~[tomcat-embed-core-9.0.50.jar!/:?]

Why would this happen? What should I do to fix this problem? I read the Spring Boot issue, but I still have not figured out what the advantages and disadvantages are of allowedOrigins containing the special value "*". Why should I specify allowedOriginPatterns?

Dolphin asked Dec 13 '25 11:12


2 Answers

Actually, the solution has been given on the terminal. Either of the following two methods can solve the problem.

  1. Just change config.addAllowedOrigin("*"); in your program into config.addAllowedOriginPattern("*");

  2. Alternatively, set config.setAllowCredentials(false);

GuoHeng answered Dec 15 '25 14:12


It is the CORS spec; you can use setAllowCredentials(true) together with setAllowedOrigins(*)

Below is from the Spring documentation for the method setAllowedOrigins():

/**
     * Keep in mind however that the
     * CORS spec does not allow {@code "*"} when {@link #setAllowCredentials
     * allowCredentials} is set to {@code true} and as of 5.3 that combination
     * is rejected in favor of using {@link #setAllowedOriginPatterns
     * allowedOriginPatterns} instead.
     */
sendon1982 answered Dec 15 '25 14:12
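
On the question of what the wildcard changes, here is an added example (not part of either answer and not Spring's own code) that runs CorsConfiguration.checkOrigin, the call shown in the stack trace, against four credentialed configurations. With allowedOriginPatterns a match is answered with the request's own origin rather than "*", so the pattern "*" plus credentials admits every origin, while an explicit list or a scoped pattern does not. The class name and the two origins are constructed placeholders, and spring-web 5.3 or later is assumed on the classpath.

```java
import java.util.Arrays;
import java.util.Collections;
import org.springframework.web.cors.CorsConfiguration;

// Added example: class name and origins are constructed placeholders.
public class CorsOriginCheckDemo {

    static final String TRUSTED = "https://app.example.com";      // constructed
    static final String UNTRUSTED = "https://untrusted.example";  // constructed

    // Base configuration shared by all four cases: credentials are allowed.
    static CorsConfiguration credentialed() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        return config;
    }

    // Performs the origin check that DefaultCorsProcessor delegates to.
    static String decide(CorsConfiguration config, String origin) {
        try {
            String allowed = config.checkOrigin(origin);
            return allowed == null ? "rejected" : "Access-Control-Allow-Origin: " + allowed;
        } catch (IllegalArgumentException ex) {
            return "IllegalArgumentException (the error in the question)";
        }
    }

    public static void main(String[] args) {
        CorsConfiguration wildcardOrigin = credentialed();
        wildcardOrigin.addAllowedOrigin("*");          // combination rejected as of 5.3

        CorsConfiguration wildcardPattern = credentialed();
        wildcardPattern.addAllowedOriginPattern("*");  // matches any origin

        CorsConfiguration explicitList = credentialed();
        explicitList.setAllowedOrigins(Collections.singletonList(TRUSTED));

        CorsConfiguration scopedPattern = credentialed();
        scopedPattern.setAllowedOriginPatterns(Collections.singletonList("https://*.example.com"));

        for (String origin : Arrays.asList(TRUSTED, UNTRUSTED)) {
            System.out.println("Origin: " + origin);
            System.out.println("  allowedOrigins \"*\"        -> " + decide(wildcardOrigin, origin));
            System.out.println("  allowedOriginPatterns \"*\" -> " + decide(wildcardPattern, origin));
            System.out.println("  explicit allowedOrigins  -> " + decide(explicitList, origin));
            System.out.println("  scoped origin pattern    -> " + decide(scopedPattern, origin));
        }
    }
}
```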


