From b51b29bb33e0239a9be348fdf3e0610556c2c4db Mon Sep 17 00:00:00 2001 From: Dmitriy Sim Date: Wed, 17 Feb 2021 20:30:11 +0300 Subject: [PATCH] remove cors config for rest --- demo-client-app/src/App.js | 24 +++++++++++++++---- .../config/WebSecurityConfig.java | 4 +--- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/demo-client-app/src/App.js b/demo-client-app/src/App.js index 1872819..d965210 100644 --- a/demo-client-app/src/App.js +++ b/demo-client-app/src/App.js @@ -1,6 +1,8 @@ import { useCallback, useEffect } from "react"; import Stomp from "webstomp-client"; import SockJS from "sockjs-client"; +import { proxy } from "../package.json"; + import logo from "./logo.svg"; import "./App.css"; @@ -8,10 +10,24 @@ let stomp; const connect = async (token) => { if (stomp != null) return; - console.info("Connect to Websocket"); - const sock = new SockJS("http://localhost:8081/api/ws"); + let url = "/api/ws"; + let message = "Connect to Websocket"; + // webpack-dev-server also uses sockjs-client; + // default proxy may incorrectly route requests + // resulting in transport switch, + // which is slow on https. + // + // Hence, we cannot rely on default proxy. + // Requests should be sent directly to a websocket. + if (process.env.NODE_ENV !== "production") { + url = `${proxy}${url}`; + message += " Directly"; + } + console.info(message); + const sock = new SockJS(url); stomp = Stomp.over(sock); + // disable stomp logging stomp.debug = (msg) => {} stomp.connect( @@ -69,7 +85,7 @@ function App({ keycloak }) { className="App-link" onClick={(e) => { e.preventDefault(); - fetchFromApi("http://localhost:8081/api/userinfo"); + fetchFromApi("/api/userinfo"); }} > Get user email @@ -79,7 +95,7 @@ function App({ keycloak }) { className="App-link" onClick={(e) => { e.preventDefault(); - fetchFromApi("http://localhost:8081/api/users"); + fetchFromApi("/api/users"); }} > Get all users diff --git a/demo-resource-server/src/main/java/ru/digitalbanana/demoresourceserver/config/WebSecurityConfig.java b/demo-resource-server/src/main/java/ru/digitalbanana/demoresourceserver/config/WebSecurityConfig.java index 95ef275..e72cb75 100644 --- a/demo-resource-server/src/main/java/ru/digitalbanana/demoresourceserver/config/WebSecurityConfig.java +++ b/demo-resource-server/src/main/java/ru/digitalbanana/demoresourceserver/config/WebSecurityConfig.java @@ -10,9 +10,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { - http.cors() - .and() - .csrf().disable() + http .authorizeRequests() .antMatchers(HttpMethod.GET, "/userinfo", "/user/**") .authenticated()