Skip to content

Not possible to use allowedOrigins "*" in StompEndpointRegistry after upgrade to Spring Boot 2.4.0 #26111

New issue
New issue
Closed
Closed
Not possible to use allowedOrigins "*" in StompEndpointRegistry after upgrade to Spring Boot 2.4.0#26111
Assignees
rstoyanchev
Labels
in: messagingIssues in messaging modules (jms, messaging)status: supersededAn issue that has been superseded by anothertype: regressionA bug that is also a regression
@opersson

Description

@opersson
opersson
opened on Nov 18, 2020

Not sure if this should be filed under Spring Boot or Spring framework, but I put it here since Spring Boot Starter is in use.

After upgrading to use Spring Boot 2.4.0 from 2.3.x, it does not seem to be possible to use allowedOrigins = "*" in the StompEndpointRegistry. When connecting it results in the following Error:

java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*"since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.

However, allowedOriginPatterns i not something that is available on the StompEndpointRegistry, only allowedOrigins is available.

Code to reproduce 
package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
import org.springframework.web.socket.config.annotation.StompWebSocketEndpointRegistration;
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;

@SpringBootApplication
@EnableWebSocketMessageBroker
public class DemoApplication implements WebSocketMessageBrokerConfigurer {

	public static void main(String[] args) {
		SpringApplication.run(DemoApplication.class, args);
	}

	@Override
	public void registerStompEndpoints(StompEndpointRegistry registry) {
		StompWebSocketEndpointRegistration registration = registry.addEndpoint("/endpoint");
		registration.setAllowedOrigins("*");
		registration.withSockJS();
	}
}
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <script>
        fetch("http://localhost:8080/endpoint")
            .then(response => console.log(response));
    </script>
</head>
<body>
</body>
</html>
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.4.0</version>
		<relativePath/> <!-- lookup parent from repository -->
	</parent>
	<groupId>com.example</groupId>
	<artifactId>demo</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>demo</name>
	<description>Demo project for Spring Boot</description>

	<properties>
		<java.version>11</java.version>
	</properties>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-websocket</artifactId>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

</project>

Start the server on port 8080 and host the host the html file on another port and open it in a browser.

Metadata

Metadata

Assignees

Labels

in: messagingIssues in messaging modules (jms, messaging)status: supersededAn issue that has been superseded by anothertype: regressionA bug that is also a regression

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions