CROS problem with ALB

1

I have a websit with DNS as "https://mydns.com". This website is created by Vue.js and need to fetch data from another background EC2(springboot application) behind ALB. I used java keytool to generate cert and import it to springboot backend application and ALB. But when the website send request to ALB, the following error appears Access to XMLHttpRequest at 'https://mylb-124432526.ap-northeast-1.elb.amazonaws.com/course/listAllCourse?param1=1&param2=16&param3=all' from origin 'https://mydns.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource Before setting the website and springboot background as https, the setting of CORS never went wrong. Do I need to configure ALB to let it pass CORS?

3 Answers
3
Accepted Answer

Hi jjshen,

Please go through the below steps i hope it will helps to resolve your issue.

Configure CORS in Spring Boot:

  • Ensure your Spring Boot application includes CORS headers.
@RestController
public class MyController {

    @CrossOrigin(origins = "https://mydns.com")
    @RequestMapping("/course/listAllCourse")
    public ResponseEntity<?> listAllCourses() {
        // Your code here
    }
}

CORS Configuration Class (if needed):

  • Add a global CORS configuration if individual controllers are not sufficient.
@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("https://mydns.com")
                .allowedMethods("GET", "POST", "PUT", "DELETE")
                .allowedHeaders("*")
                .allowCredentials(true);
    }
}

Check ALB Listener Rules:

  • Ensure the ALB listener is correctly forwarding HTTPS traffic to the Spring Boot backend.
  • ALB itself doesn't manage CORS, but ensure SSL/TLS termination is correctly set up.

Validate SSL/TLS:

  • Verify that your certificates are correctly imported and configured on both the ALB and the Spring Boot application.

Testing:

  • Test the CORS configuration by making an API request from your Vue.js application to ensure the Access-Control-Allow-Origin header is correctly returned.
EXPERT
answered 3 months ago
EXPERT
reviewed 3 months ago
EXPERT
reviewed 3 months ago
profile picture
EXPERT
reviewed 3 months ago
  • Thank you very much for your answer. I resolve this problem.

3

You cant perform Header Insertion/modification with an ALB. You will need to rectify this on your HTTP server

profile picture
EXPERT
answered 3 months ago
profile picture
EXPERT
reviewed 3 months ago
EXPERT
Leo K
reviewed 3 months ago
1

Hello.

ORS issue with ALB for your Vue.js website (https://mydns.com) fetching data from a Springboot app behind ALB:

Recommended Approach (More Secure):

  1. Configure CORS directly in your Springboot app using libraries like spring-webcors.

  2. Set @CrossOrigin(origins = "https://mydns.com") on controllers or methods handling requests.

Alternative Approach (Less Secure):

  1. Configure ALB to add CORS headers (only if Springboot configuration isn't feasible).

  2. Use AWS CLI/Console to add a rule in your ALB listener:

Forward requests to Springboot target group.

Insert header "Access-Control-Allow-Origin" with value "https://mydns.com".

Reference Links:

Spring Web CORS: https: //www.baeldung.com/spring-cors

Adding CORS headers to ALB: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/cors-support.html (search for "Modify headers and response codes")

EXPERT
answered 3 months ago
EXPERT
reviewed 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions