@Bean CorsConfigurationSource corsConfigurationSource() { return new CorsConfigurationSource() { @Override public CorsConfiguration getCorsConfiguration(HttpServletRequest request) { var cors = new CorsConfiguration(); cors.setAllowedOrigins(List.of("*")); cors.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS")); cors.setAllowedHeaders(List.of("*")); return cors; } }; } @Override protected void configure(HttpSecurity http) throws Exception { // @formatter: off http .csrf() .disable() .cors() .configurationSource(corsConfigurationSource()) .and() .exceptionHandling()
Còn đây là config websocket
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer { @Override public void configureMessageBroker(MessageBrokerRegistry config) { config.enableSimpleBroker("/topic"); config.setApplicationDestinationPrefixes("/app"); } @Override public void registerStompEndpoints(StompEndpointRegistry registry) { registry.addEndpoint("/websocket") .setAllowedOriginPatterns("*").withSockJS(); }
Và khi em connect socket ở bên FE thì lỗi như này nè a :(
Access to XMLHttpRequest at 'http://localhost:8082/emaf/api/v1/websocket/info?t=1669656213092' from origin 'http://127.0.0.1:5500' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. </pre> Mong a hướng dẫn e cách fix bên BE ạ.