Spring Boot 2.0.0 & static resources with different domains for the same app
Spring Boot 2.0.0 & static resources with different domains for the same app
I have migrated a web app from Spring Boot 1.5.10 to 2.0.0, which serves content trough different domains and it is deployed with Heroku. The main domain works fine, but with the other ones the static elements like Javascript, CSS, images and icons don't work and the browser arises this error:
Refused to execute script from '' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled
The static resources are located at:
/resources/static/css
/resources/static/css
/resources/static/js
/resources/static/js
/resources/static/images
/resources/static/images
All domains are secured with a Let's Encrypt SSL certificate, provided by Heroku. The domains are all redirected, including the main one, with a CNAME to the address provided by Heroku.
The main domain has access to all the content, and the secondary ones just can access to the content inside a directory. For example:
maindomain.com/1/ works fine but secondarydomain.com/1/ doesn't work.
maindomain.com/1/
secondarydomain.com/1/
What makes a secondary domain different from the main one, is that with an implementation of HandlerInterceptor we control that they just can access to the content from its directory. This is the code from the preHandle implementation:
HandlerInterceptor
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
serverName = request.getServerName();
if("POST".equals(request.getMethod())){
return true;
}
//We check if the request comes from one of the main domains
if(!checkRentalWebsURL(RwConstants.SERVER_NAMES, serverName)){
if(idweb == null){
Web web = webRepository.getWebByDomain(serverName);
if(web != null){
idweb = web.getIdweb();
} else {
response.sendRedirect(RwConstants.RW_URL);
}
}
String URI = request.getRequestURI();
String rootURI = "/" + idweb + "/";
if(URI.equals("/") || !URI.startsWith(rootURI)){
URI = rootURI;
RequestDispatcher requestDispatcher = request.getRequestDispatcher(request.getContextPath() + URI);
requestDispatcher.forward(request, response);
}
}
return true;
}
I've tried to solve it setting this code at an extension of WebSecurityConfigurerAdapter:
WebSecurityConfigurerAdapter
http
.authorizeRequests()
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
@vashishth Iguan2 at GitHub has given me this solution, which I haven't tested yet: I found that after migrating to 2.0.1, all static resource requests go to my interceptor. After excluding the static resource path in the intercepter registration, it works for me. Not sure if this can help you.
– Aleix Alcover
May 25 at 13:03
1 Answer
1
The solution was to exclude the paths of the different static resources, in the interceptor registration, at the implementation of WebMvcConfigurer. This is an extract of the code:
WebMvcConfigurer
public void addInterceptors(InterceptorRegistry registry) {
...
registry.addInterceptor(rootDomainInterceptor())
.excludePathPatterns("/js/**", "/css/**", "/images/**", "/webjars/**");
}
By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.
did you find the solution?
– vashishth
May 24 at 15:41