Server side log having below exception:
{“log”:“2021-10-25 20:21:56.822 ERROR 10 — [nio-8080-exec-3] o.a.c.c.C.[.[.[.[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [/ehrbase] threw exception\n”,“stream”:“stdout”,“time”:“2021-10-25T20:21:56.823289692Z”}
{“log”:"\n",“stream”:“stdout”,“time”:“2021-10-25T20:21:56.823429101Z”}
{“log”:“java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value “*” since that cannot be set on the “Access-Control-Allow-Origin” response header. To allow credentials to a set of origins, list them explicitly or consider using “allowedOriginPatterns” instead.\n”,“stream”:“stdout”,“time”:“2021-10-25T20:21:56.823439121Z”}
{“log”:"\u0009at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473)\n",“stream”:“stdout”,“time”:“2021-10-25T20:21:56.823445276Z”}
{“log”:"\u0009at org.springframework.web.cors.CorsConfiguration.checkOrigin(CorsConfiguration.java:577)\n",“stream”:“stdout”,“time”:“2021-10-25T20:21:56.823450779Z”}
{“log”:"\u0009at org.springframework.web.cors.DefaultCorsProcessor.checkOrigin(DefaultCorsProcessor.java:174)\n",“stream”:“stdout”,“time”:“2021-10-25T20:21:56.823457152Z”}
{“log”:"\u0009at org.springframework.web.cors.DefaultCorsProcessor.handleInternal(DefaultCorsProcessor.java:116)\n",“stream”:“stdout”,“time”:“2021-10-25T20:21:56.823463586Z”}
{“log”:"\u0009at org.springframework.web.cors.DefaultCorsProcessor.processRequest(DefaultCorsProcessor.java:95)\n",“stream”:“stdout”,“time”:“2021-10-25T20:21:56.82346992Z”}
{“log”:"\u0009at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:87)\n",“stream”:“stdout”,“time”:“2021-10-25T20:21:56.823476755Z”}
{“log”:"\u0009at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n"
Hi. Not sure if I’m breaking forum guidelines here, but I have a similar problem. I’ve got the ehrbase and a web application behind an nxing, to place both on port 80 (thinking that this would avoid CORS-problems). But I seem to get the same error message on the server as the original poster. Did you find a fix?
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value “*” since that cannot be set on the “Access-Control-Allow-Origin” response header. To allow credentials to a set of origins, list them explicitly or consider using “allowedOriginPatterns” instead.
at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473)
at org.springframework.web.cors.CorsConfiguration.checkOrigin(CorsConfiguration.java:577)
at org.springframework.web.cors.DefaultCorsProcessor.checkOrigin(DefaultCorsProcessor.java:174)
The javascript-code that makes the call is at Bitbucket
I’ve tried putting the API on various places, including /ehrbase and /lab/ehrbase (the html application is on /lab)
I’m a total noob on OpenEHR and EHRBase, so please forgive me if my question is very stupid. It seems as the CORS configuration isn’t working with my setup. I used the prebuilt images with ‘docker compose’, but maybe I have to change to code to my URLs and then build myself?
welcome to the forum! This is the right place to discuss these technical questions. Can you please check if this has already an issue in the tracker on EHRbase GitHub? Issues · ehrbase/ehrbase · GitHub
Yes, this could very well be the same issue, though the bug-report doesn’t seem to have the log from the server so I can’t say for sure. There seems to have been a change in the spring CORS behaviour lately that has caused this type of problem in other systems also.
I was half way into writing a bug report, but with these CORS issues it’s difficult to find out if the problem is on my client end, the nginx proxy in the middle or the server. Earlier I’ve always managed to work around the CORS behaviour by collecting the web app and apis on a single domain through an nginx node, so I’m really not sure where the problem is. But since there’s been a recent change in the spring framework related to CORS that could be the culprit (see for example Cors enabled in Spring Boot with Angular, still cors errors - Stack Overflow). It also won’t appear if you turn off authentication, which I guess many people do while testing. Since CORS behaviour is less strict when there is no authentication. I “fixed” my server by turning off authentication.
I’ll link this post into the existing bug report, in case it helps.