hanrw · May 7, 2021 08:48
diff --git a/SecurityConfig.java b/SecurityConfig.java
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.HttpHeaders;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.reactive.CorsConfigurationSource;
 import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;

 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;

 @EnableWebFluxSecurity
 public class SecurityConfig {

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        return http.cors(corsSpec -> corsSpec.configurationSource(corsConfigurationSource())).build();
    }

    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Collections.singletonList("http://localhost:3000"));
        configuration.setAllowedMethods(Arrays.asList("GET", "PUT", "DELETE", "POST", "OPTIONS", "HEAD"));
        List<String> allowedHeaders = new ArrayList<>();
        allowedHeaders.add(HttpHeaders.ORIGIN);
        allowedHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD);
        allowedHeaders.add(HttpHeaders.AUTHORIZATION);
        configuration.setAllowedHeaders(allowedHeaders);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
 }
	import org.springframework.context.annotation.Bean;
	import org.springframework.http.HttpHeaders;
	import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
	import org.springframework.security.config.web.server.ServerHttpSecurity;
	import org.springframework.security.web.server.SecurityWebFilterChain;
	import org.springframework.web.cors.CorsConfiguration;
	import org.springframework.web.cors.reactive.CorsConfigurationSource;
	import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;

	import java.util.ArrayList;
	import java.util.Arrays;
	import java.util.Collections;
	import java.util.List;

	@EnableWebFluxSecurity
	public class SecurityConfig {

	@Bean
	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
	return http.cors(corsSpec -> corsSpec.configurationSource(corsConfigurationSource())).build();
	}

	CorsConfigurationSource corsConfigurationSource() {
	CorsConfiguration configuration = new CorsConfiguration();
	configuration.setAllowedOrigins(Collections.singletonList("http://localhost:3000"));
	configuration.setAllowedMethods(Arrays.asList("GET", "PUT", "DELETE", "POST", "OPTIONS", "HEAD"));
	List<String> allowedHeaders = new ArrayList<>();
	allowedHeaders.add(HttpHeaders.ORIGIN);
	allowedHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD);
	allowedHeaders.add(HttpHeaders.AUTHORIZATION);
	configuration.setAllowedHeaders(allowedHeaders);
	UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
	source.registerCorsConfiguration("/**", configuration);
	return source;
	}
	}