I have implemented websockets in Spring with STOMP & Sock js & it is working as expected. The issue arises when we are moving our application to offshore environment where every request first connects to the front-end & the front-end then redirects this request to backend which results in 500 internal server error. If the front-end tries to connect to backend directly (skipping the redirection part), it works perfectly. Is there any way to handle this in java spring security config or websocket config ? (The front-end team is using Angular 14)
Below is my code snippet in WebsocketConfig.java
@Override
public void registerStompEndpoints(StompEndpointRegistry stompEndpointRegistry) {
stompEndpointRegistry.addEndpoint("/socket").setAllowedOrigins("*").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry messageBrokerRegistry) {
messageBrokerRegistry.setApplicationDestinationPrefixes("/app");
messageBrokerRegistry.enableSimpleBroker("/chat");
}
Any help is much appreciated. Thanks in advance.
I tried using following in Spring security by overriding 'configure' method :
.headers().addHeaderWriter(new XFrameOptionsHeaderWriter(new StaticAllowFromStrategy(URI.create("https://FrontEndServerAddress/")))) ;