How to set CORS header ‘Access-Control-Allow-Origin’ missing)

Question

Spring Code from the Backend

@Configuration
@EnableWebSecurity
public class OAuth2Configuration extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    final String corsOrigin = "http://localhost:3000";
    http.addFilterBefore(new CorsFilter(corsConfigurationSource(corsOrigin)), AbstractPreAuthenticatedProcessingFilter.class);
}
  private CorsConfigurationSource corsConfigurationSource(String corsOrigin) {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList(corsOrigin));
    configuration.setAllowedMethods(Arrays.asList("GET", "POST", "HEAD", "OPTIONS", "PUT", "PATCH", "DELETE"));
    configuration.setMaxAge(10L);
    configuration.setAllowedHeaders(Arrays.asList("Accept", "Access-Control-Allow-Headers", "Access-Control-Allow-Origin", "Access-Control-Request-Method", "Access-Control-Request-Headers",
             "Authorization", "Content-Type", "Origin"));
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

}

And the Axios Vue3 Code

import axios from 'axios'
const api = axios.create({
  baseURL: 'http://localhost:8081',
  headers: {
    'Content-Type': 'application/json',
  },
})

export default api

XHRPOSThttp://localhost:8081/equipment CORS Missing Allow Origin

POST http://localhost:8081/equipment Status 403 VersionHTTP/1.1 Transferred539 B (120 B size) Referrer Policystrict-origin-when-cross-origin

Cache-Control no-cache, no-store, max-age=0, must-revalidate Connection keep-alive Content-Type application/json Date Thu, 19 May 2022 19:38:26 GMT Expires 0 Keep-Alive timeout=60 Pragma no-cache Set-Cookie JSESSIONID=77976887FAF4420F90ED78DBA88191C3; Path=/; HttpOnly Transfer-Encoding chunked X-Content-Type-Options nosniff X-Frame-Options DENY X-XSS-Protection 1; mode=block

Accept application/json, text/plain, / Accept-Encoding gzip, deflate Accept-Language en-US,en;q=0.5 Connection keep-alive Content-Length 23 Content-Type application/json Host localhost:8081 Origin http://localhost:3000 Referer http://localhost:3000/ Sec-Fetch-Dest empty Sec-Fetch-Mode cors Sec-Fetch-Site same-site User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0

I get this cors error and really dont know anymore what to do please help

package org.orgatech.calatena.core;

im

port org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

import java.util.Arrays;

@Configuration
@EnableWebSecurity
public class OAuth2Configuration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The configuration that you needed

        // If preflight requests are redirected by OAuth conf, you can try adding:
        // .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()

        // CORS configuration

        // This value must be parameterized according to your application needs
        final String corsOrigin = "http://localhost:3000/";
        // The idea is to insert the CORS filter before the filter injected by
        // the @EnableOAuth2Sso annotation
        http.addFilterBefore(new CorsFilter(corsConfigurationSource(corsOrigin)), AbstractPreAuthenticatedProcessingFilter.class);
    }

    private CorsConfigurationSource corsConfigurationSource(String corsOrigin) {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000/"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "HEAD", "OPTIONS", "PUT", "PATCH", "DELETE"));
        configuration.setMaxAge(10L);
        configuration.setAllowCredentials(true);
        configuration.setAllowedHeaders(Arrays.asList("Accept", "Access-Control-Allow-Headers", "access-control-allow-origin", "Access-Control-Request-Method", "Access-Control-Request-Headers",
                "Accept-Language", "Authorization", "Content-Type", "Request-Name", "Request-Surname", "Origin", "X-Request-AppVersion",
                "X-Request-OsVersion", "X-Request-Device", "X-Requested-With"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

enter image description here

enter image description here

Answer 1

I found a solution. It seems on the transitions to 3.0 EF gets confused with one to one relationships. So I added this on the Fluent:

protected override void OnModelCreating(ModelBuilder modelBuilder)
        {
            modelBuilder.Entity<RestaurantCustomQuestionCategory>()
                .HasKey(t => new {t.RestaurantId, t.QuestionCategoryId});
            modelBuilder.Entity<RestaurantCustomQuestionCategory>()
                .HasOne(t => t.QuizLimits)
                .WithOne(i => i.RestaurantCustomCategory)
                .HasForeignKey<CustomCategoryQuizLimits>(t => new { t.RestaurantId, t.QuestionCategoryId });
}