My application has a backend built with Spring Boot, and a frontend web application built with Angular and served by nginx. Nginx is configured to reverse-proxy requests to /api/ to the backend :
location /api/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://back:8080;
}
If nginx is running on the default port (80), I can access my application at http://myserver/ without issues. XHR calls to http://myserver/api/some/REST/resource work perfectly.
If I change nginx to listen to some other port (randomly : 9043), then all XHR calls fail with an error "Invalid CORS request". Which is unexpected, because only my frontend application is making calls to the API, and thanks to the reverse-proxy this API is served on the same host as the javascript files.
For it to function, I need to add this to my Spring application :
@Configuration
public class CorsConfig {
@Value("${url.base:''}")
private String urlBase;
@Value("${cors.allowed.origins:[]}")
private String[] allowedOrigins;
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping(urlBase + "/**")
.allowedOrigins(allowedOrigins)
.allowedMethods("*");
}
};
}
}
and then set cors.allowed.origins to http://myserver:9043/ in my configuration.
This works, but it is not practical if I'm going to :
Would there be a solution to fix this by doing any of the following :
EDIT : some more details and example :
The services are dockerized :
It only works if the frontend is exposed to the outside world on port 80...
Add two http header in reverse request:
X-Forwarded-Proto
X-Forwarded-Port
to indecate the origin proto and ports (match the origin request).