<pre> @Bean CorsConfigurationSource corsConfigurationSource() { return new CorsConfigurationSource() { @Override public CorsConfiguration getCorsConfiguration(HttpServletRequest request) { var cors = new CorsConfiguration(); cors.setAllowedOrigins(List.of("*")); cors.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS")); cors.setAllowedHeaders(List.of("*")); return cors; } }; } @Override protected void configure(HttpSecurity http) throws Exception { // @formatter: off http .csrf() .disable() .cors() .configurationSource(corsConfigurationSource()) .and() .exceptionHandling() </pre> <p> Còn đây là config websocket </p> <pre>public class WebSocketConfig implements WebSocketMessageBrokerConfigurer { @Override public void configureMessageBroker(MessageBrokerRegistry config) { config.enableSimpleBroker("/topic"); config.setApplicationDestinationPrefixes("/app"); } @Override public void registerStompEndpoints(StompEndpointRegistry registry) { registry.addEndpoint("/websocket") .setAllowedOriginPatterns("*").withSockJS(); } </pre> <p> Và khi em connect socket ở bên FE thì lỗi như này nè a :( </p> <img class="alignnone size-full wp-image-8601" src="https://stackask.com/wp-content/uploads/2022/11/loicors.png" alt="" /> <pre> Access to XMLHttpRequest at 'http://localhost:8082/emaf/api/v1/websocket/info?t=1669656213092' from origin 'http://127.0.0.1:5500' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. &lt;/pre&gt; Mong a hướng dẫn e cách fix bên BE ạ.