CORS problems with Springboot and Angular Websocket

问题

I have two service to build a Spring Boot application

But I always got CORS problems like this

Access to XMLHttpRequest at '.../websocket-cr/info?t=1581585481804' from origin'http://localhost:8080' 
has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin'
header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. 
The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials.

Springboot service on 8082

    public void registerStompEndpoints(StompEndpointRegistry registry) {
       registry.addEndpoint("/websocketcr").
       setAllowedOrigins("http://localhost:8080").withSockJS();
    }

Angular service on 8080

    var socket = new SockJS('http://localhost:8080/websocket-cr');
    //socket.withCredentials = true ;
    stompClient = Stomp.over(socket);

I have tried

    setAllowedOrigins("http://localhost:8080").withSockJS();
    setAllowedOrigins("*").withSockJS();

or use CORS Anywhere in javascript

    var socket = new SockJS('http://cors-anywhere.herokuapp.com/http://localhost:8082/websocket-cr');
    socket.withCredentials = true ;

and what is the best way to done that

should I make angular proxy to my backend server?

or it is ok by setAllowedOrigins('host:port')

回答1:

In your Main class of the SpringBoot service , inject the below bean,it will work

@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurer () {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**").allowedMethods("GET", "POST", "PUT", "DELETE").allowedHeaders("*")
                    .allowedOrigins("*");
        }
    };
}

回答2:

Simply just add @CrossOrigin annotation on top of the class. It's work perfectly. For example:

@RestController
@CrossOrigin(origins = "*")
public class YourController {
    .....
}

回答3:

Sorry for coming late to this Party. I am using here STOMP JS in angular 8 with springboot working demo you need to add WebSocketConfig class to configure things for Socket and For controller separately if you need it.

Configuration Class

import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;

@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {

    @Override
    public void configureMessageBroker(MessageBrokerRegistry config) {
        config.enableSimpleBroker("/topic");
        config.setApplicationDestinationPrefixes("/app");
    }

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        registry.addEndpoint("/ws")
        .setAllowedOrigins("*")
        //.setAllowedOrigins("http://localhost:4200").setAllowedOrigins("http://localhost:8081")
        .withSockJS();
    }
}

ref Another Help from Spring people

In Controller Class just add

@Controller
@CrossOrigin(origins = "*")
public class LogsController {
..
}

And answer will be updated for authentication/authorization sooner and later.

来源：https://stackoverflow.com/questions/60205312/cors-problems-with-springboot-and-angular-websocket