Tag Archives: springboot upgrade 2.4.0

Problems in springboot upgrade 2.4.0: when allowcredentials is true, allowedorigins cannot contain the specia

    When allowCredentials is true, allowedOrigins cannot contain the special value “*“since that cannot be set on the “Access-Control-Allow-Origin” response header. To allow credentials to a set of origins, list them explicitly or consider using”allowedOriginPatterns” instead.

The translation is as follows:

Solution: cross domain configuration error, replace . Allowedorigins with . Allowedoriginpatterns .

Before revision:

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    /**
     * Open cross-domain
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Set the routes that are allowed across the domain
        registry.addMapping("/**")
                // Set the domain name that allows cross-domain requests
                .allowedOrigins("*")
                // whether to allow certificates (cookies)
                .allowCredentials(true)
                // set the allowed methods
                .allowedMethods("*")
                // Allowed time across domains
                .maxAge(3600);
    }

}

After modification:

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    /**
     * Open cross-domain
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Set the routes that are allowed across the domain
        registry.addMapping("/**")
                // Set the domain name that allows cross-domain requests
                .allowedOriginPatterns("*")
                // whether to allow certificates (cookies)
                .allowCredentials(true)
                // Set the allowed methods
                .allowedMethods("*")
                // Allowed time across domains
                .maxAge(3600);
    }

}