I've built an API with Springboot 1.3.0. Its security is provided by Stormpath and Spring Security frameworks. This API is supposed to be consumed by any client, everywhere. I mean mobile phones and web pages(AngularJS+ HTML5). Without Stormpath, that webpage client is able to post data to API successfully, however, when Stormpath is added to tha application, all calls from the client to API fail and this error message is shown in console: "XMLHttpRequest cannot load http://localhost:8080/api/save. Response for preflight is invalid (redirect)" Is there a way to Stormpath to support CORS in a similar architecture like that ?
Client (AngularJS) -------remote call ------> Springboot API (Rest)
Here is the AngularJS service. As aforementioned the service calls succeed with no Stormpath.
app.service('apiService', function($http, $q, CONST){
this.save = function(person){
var def = $q.defer();
$http(
{
url:CONST.BASE_URL+'/save',
method:'POST',
data: person,
headers: {
'Content-Type':'application/json'
}
}
).then(
function success(response){
def.resolve(response.data);
},
function error(response){
def.resolve(response.data);
});
return def.promise;
};
});
Here is the config of the app.module
app.config(['$httpProvider', function($httpProvider){
$httpProvider.defaults.headers.common["Accept"] = "application/json";
$httpProvider.defaults.headers.common = {};
$httpProvider.defaults.headers.post = {};
$httpProvider.defaults.headers.put = {};
$httpProvider.defaults.headers.get = {};
}]);
We have never tried an integration for CORS. I think the problem comes from the fact that Stormpath will redirect to the
/loginpage if the user is not authenticated, and that's not allowed by CORS. Just to validate that this is the actual issue, can you try authenticating the user first and then going tohttp://localhost:8080/api/saveonce the user is authenticated?Disclaimer, I am an Stormpath contributor.