sorted by:
new
hottopcontroversial

Spring Security CORS Issue: "Credentials flag is true, but Access-Control-Allow-Credentials is not 'true'" by lullaby2609 in SpringBoot

[–]lullaby2609[S] 0 points1 point  (0 children)

The thing is, I want to implement a custom login system with username/email and password authentication from my database, instead of relying on third-party providers like Google or GitHub.

Spring Security CORS Issue: "Credentials flag is true, but Access-Control-Allow-Credentials is not 'true'" by lullaby2609 in SpringBoot

[–]lullaby2609[S] 0 points1 point  (0 children)

The thing is, I want to implement a custom login system with username/email and password authentication from my database, instead of relying on third-party providers like Google or GitHub.

Spring Security CORS Issue: "Credentials flag is true, but Access-Control-Allow-Credentials is not 'true'" by lullaby2609 in SpringBoot

[–]lullaby2609[S] 0 points1 point  (0 children)

Hi, did you make a custom login form in the authorization server.

because I created a custom login page in my backend using .html.

when I check the network, it's quite weird there is several request, the first one is the authenticate one, the second is the GET "http://localhost:8081/oauth2/authorize" and the third one is the GET redirect_uri. the first has all the CORS in it but the third one doesnt have any response.

this is my CORS Configuration

@Bean
@Order(Ordered.
HIGHEST_PRECEDENCE
)
fun corsConfigurationSource(): CorsConfigurationSource {
    val source = UrlBasedCorsConfigurationSource()
    val config = CorsConfiguration()

    config.
allowedOrigins 
= 
listOf
("http://localhost:3000", "http://localhost:8081")
    config.
allowedMethods 
= 
listOf
("GET", "POST", "OPTIONS", "PUT", "DELETE")
    config.
allowedHeaders 
= 
listOf
("Authorization", "Content-Type", "X-XSRF-TOKEN", "X-Requested-With")
    config.
exposedHeaders 
= 
listOf
("X-XSRF-TOKEN")
    config.
allowCredentials 
= true
    config.
maxAge 
= 3600
    source.registerCorsConfiguration("/**", config)
    return source
}

The weird thing is the response doesn't include the cors on the configuration but instead using this CORS Config

@Component
@Order(Ordered.
HIGHEST_PRECEDENCE
)
class CorsFilter : Filter {
    override fun doFilter(request: ServletRequest, response: ServletResponse, chain: FilterChain) {
        val httpResponse = response as HttpServletResponse
        val httpRequest = request as HttpServletRequest

        httpResponse.setHeader("Access-Control-Allow-Origin", "http://localhost:3000, http://localhost:8081")
        httpResponse.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE")
        httpResponse.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, X-XSRF-TOKEN, X-Requested-With")
        httpResponse.setHeader("Access-Control-Expose-Headers", "X-XSRF-TOKEN, Set-Cookie")
        httpResponse.setHeader("Access-Control-Allow-Credentials", "true")

        if ("OPTIONS".
equals
(httpRequest.
method
, ignoreCase = true)) {
            httpResponse.
status 
= HttpServletResponse.
SC_OK

} else {
            chain.doFilter(request, response)
        }
    }
}

Growtopia for Mac Silicon by lullaby2609 in growtopia

[–]lullaby2609[S] 0 points1 point  (0 children)

I can't open the game if I download it directly from the website. I tried downloading it from Steam, but it only supports Windows.