Can't access Bearer Token on login

[gyulakiraly]

Hey there, i found your API, and i would like to use it for a tutorial session. My problem is that, when we make a login call, with axios, we can't access the 'Authorization' header in the response, to save the token in Local Storage. Can you please check your CORS setup so that it allows us to access the header prop?

[richie-chauhan]

I added the annotation @CrossOrigin to all 4 rest controllers in src/main/java/com/odazie/todolistapi/webRestControllers/

And then modified src/main/java/com/odazie/todolistapi/security/WebSecurity.java

http.cors().and().csrf().disable().authorizeRequests()
    .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
    .antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/security", "/swagger-ui.html", "/webjars/**").permitAll()
    .anyRequest().authenticated()
    .and()
    .addFilter(new JWTAuthenticationFilter(authenticationManager()))
    .addFilter(new JWTAuthorizationFilter(authenticationManager()))
    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
    .cors().configurationSource(request -> {
        CorsConfiguration corsConfig = new CorsConfiguration();
        corsConfig.applyPermitDefaultValues();
        corsConfig.addExposedHeader("Authorization"); // Add the header to be exposed
        return corsConfig;
    });

Not sure that the annotation is required. I did that first, it didn't work by itself.