{"id":321,"date":"2018-02-06T02:25:09","date_gmt":"2018-02-06T02:25:09","guid":{"rendered":"http:\/\/kevinmichaelcoy.com\/blog\/?p=321"},"modified":"2018-02-06T02:31:41","modified_gmt":"2018-02-06T02:31:41","slug":"no-access-control-allow-origin-cors-problem","status":"publish","type":"post","link":"http:\/\/kevinmichaelcoy.com\/blog\/2018\/02\/06\/no-access-control-allow-origin-cors-problem\/","title":{"rendered":"No &#8216;Access-Control-Allow-Origin&#8217; CORS Problem"},"content":{"rendered":"<p>I have a web application that I have been working on, which has an AngularJS 1.6 UI with a Spring Boot Java backend. I develop the AngularJS with Visual Studio Code, which is probably the only Microsoft product I have ever used that I feel was really well done, and it works great for AngularJS. I run the code with <code>npm start<\/code> on port 8000 by default. The backend is a Spring Boot REST application configured to run on a different port 8181. When, I try to get the frontend to talk to the backend, I get the following issue:<\/p>\n<p>[code language=&#8221;bash&#8221; wraplines=&#8221;true&#8221;]<br \/>\nFailed to load http:\/\/localhost:8181\/restaurants\/wingspecials\/: No &#8216;Access-Control-Allow-Origin&#8217; header is present on the requested resource. Origin &#8216;http:\/\/localhost:8000&#8217; is therefore not allowed access.<br \/>\n[\/code]<\/p>\n<p>This is because browsers, by default, block cross domain communication due to security concern. If you want to achieve cross domain communication, then you need to do something to allow for it to happen. This is called <a href=\"https:\/\/www.w3.org\/TR\/cors\/\">Cross-Origin Resource Sharing or CORS<\/a>. There are a few ways to satisfy CORS, such as by using <a href=\"https:\/\/en.wikipedia.org\/wiki\/JSONP\">JSON-P<\/a> (ie, JSON with Padding). However, in my opinion there is a better way when using Spring. With Spring, we can use a special annotation to allow for CORS. Here is an example:<\/p>\n<p>[code language=&#8221;java&#8221; highlight=&#8221;5&#8243;]<br \/>\n@RestController<br \/>\npublic class WingSpecialController {<\/p>\n<p>    @RequestMapping(&quot;restaurants\/wingspecials&quot;)<br \/>\n    @CrossOrigin(origins = { &quot;http:\/\/localhost:8000&quot; })<br \/>\n    public List&lt;WingSpecial&gt; getWingSpecials() {<br \/>\n        \/\/ do something&#8230;<br \/>\n    }<\/p>\n<p>}<br \/>\n[\/code]<\/p>\n<p>Here we specify in the backend code for a specific REST endpoint to allow for Cross-Origin communication from http:\/\/localhost:8000, which is the port the <code>npm<\/code> is running the AngularJS code on.<\/p>\n<p>Also, I find that I need to allow for CORS in my actual deployment. Even though both my frontend and backend code is hosted on the same server, I host the frontend on my actual domain (http:\/\/www.wingspecials.today) and the backend on a subdomain (http:\/\/service.wingspecials.today). This requires CORS as well and order to achieve this you can supply an array to the annotation like so:<\/p>\n<p>[code language=&#8221;java&#8221; highlight=&#8221;5&#8243;]<br \/>\n@RestController<br \/>\npublic class WingSpecialController {<\/p>\n<p>    @RequestMapping(&quot;restaurants\/wingspecials&quot;)<br \/>\n    @CrossOrigin(origins = { &quot;http:\/\/localhost:8000&quot;, &quot;http:\/\/www.wingspecials.today&quot; })<br \/>\n    public List&lt;WingSpecial&gt; getWingSpecials() {<br \/>\n        \/\/ do something&#8230;<br \/>\n    }<\/p>\n<p>}<br \/>\n[\/code]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have a web application that I have been working on, which has an AngularJS 1.6 UI with a Spring Boot Java backend. I develop the AngularJS with Visual Studio Code, which is probably the only Microsoft product I have ever used that I feel was really well done, and&#8230;<\/p>\n<p class=\"continue-reading-button\"> <a class=\"continue-reading-link\" href=\"http:\/\/kevinmichaelcoy.com\/blog\/2018\/02\/06\/no-access-control-allow-origin-cors-problem\/\">Continue reading<i class=\"crycon-right-dir\"><\/i><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[289,290,291,287,288,234,292,293,235],"_links":{"self":[{"href":"http:\/\/kevinmichaelcoy.com\/blog\/wp-json\/wp\/v2\/posts\/321"}],"collection":[{"href":"http:\/\/kevinmichaelcoy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/kevinmichaelcoy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/kevinmichaelcoy.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/kevinmichaelcoy.com\/blog\/wp-json\/wp\/v2\/comments?post=321"}],"version-history":[{"count":8,"href":"http:\/\/kevinmichaelcoy.com\/blog\/wp-json\/wp\/v2\/posts\/321\/revisions"}],"predecessor-version":[{"id":329,"href":"http:\/\/kevinmichaelcoy.com\/blog\/wp-json\/wp\/v2\/posts\/321\/revisions\/329"}],"wp:attachment":[{"href":"http:\/\/kevinmichaelcoy.com\/blog\/wp-json\/wp\/v2\/media?parent=321"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/kevinmichaelcoy.com\/blog\/wp-json\/wp\/v2\/categories?post=321"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/kevinmichaelcoy.com\/blog\/wp-json\/wp\/v2\/tags?post=321"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}