Details
-
Bug
-
Resolution: Done
-
Critical
-
None
-
None
-
None
-
False
-
False
-
Undefined
-
2021 Week 25-27 (from Jun 21)
Description
Testing the Sprinboot examples that use consoles we found that when the consoles try to interact the runtime we get a CORS error like:
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
To fix that we should modify the CorsConfig (link) and remove:
config.addAllowedOrigin("*");
And replace it with the task/mgmt consoles url like:
config.addAllowedOrigin(<mgmt-console-url>);
config.addAllowedOrigin(<task-console-url>);
We could hardcode URLS there but Ideally this should be configurable in the application properties file.
Attachments
Issue Links
- relates to
-
KOGITO-5511 Downgrade SpringBoot to 2.3.10.RELEASE
-
- Closed
-
