2 months ago
Hi, I have a Java API hosted here on Railway with an internal configuration for CORS. It was working for two years, but for the past few weeks my frontend, hosted on Netlify, has been unable to make requests to the API. Has anyone else experienced this?
here my code:
//Configuration for authorization
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors(cors -> cors.configurationSource(request -> {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOriginPattern("*");
config.addAllowedHeader("*");
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
config.setMaxAge(3600L);
return config;
}))
.cors().and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/login").permitAll()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.anyRequest().authenticated()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.addFilterBefore(new TokenAuthenticationFilter(tokenService, usuarioRepository),
UsernamePasswordAuthenticationFilter.class);
}1 Replies
2 months ago
Your service is running and healthy with no errors in the logs, and the CORS filter is registered in the Spring Security chain. CORS handling is managed entirely by your application code, and there have been no platform-level changes that would affect CORS behavior. One thing to verify is that your frontend is calling your API using https:// explicitly, since HTTP POST requests to port 80 are redirected as GET requests, which would strip CORS preflight headers.
Status changed to Awaiting User Response Railway • 2 months ago
2 months ago
This thread has been marked as solved automatically due to a lack of recent activity. Please re-open this thread or create a new one if you require further assistance. Thank you!
Status changed to Solved Railway • about 2 months ago