0

I am new to spring boot and spring security. Here i am trying to run spring boot web application with thymeleaf but when i try to hit url in browser page loaded with-out css.

in Firefox below warning showing

Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.

Loading failed for the <script> with source “https://localhost:xxxx/assets/bootstrap/js/bootstrap.min.js”.

in Chrome below error showing

Refused to apply style from 'https://localhost:xxxx/assets/dist/css/login.css' because its MIME type ('application/json') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

Refused to apply style from 'https://localhost:xxxx/assets/bootstrap/css/bootstrap.min.css' because its MIME type ('application/json') is not a supported stylesheet MIME type, and strict MIME checking is enabled

What is wrong in my application.

Durga
  • 465
  • 3
  • 15
  • 31
  • Possible duplicate of [Stylesheet not loaded because of MIME-type](https://stackoverflow.com/questions/48248832/stylesheet-not-loaded-because-of-mime-type) – Alien Sep 05 '18 at 09:07
  • @Alien it's not related to my question – Durga Sep 05 '18 at 09:11
  • I guess your stylesheet's delivery is blocked by spring security and the browser recieves some kind of error message. Try to open the stylsheet in your browser. – Flocke Sep 05 '18 at 09:17
  • @Flocke where it is available in browser? – Durga Sep 05 '18 at 09:19
  • @Durga Open the page in your brwoser and then open the source-code-view (right-click, something like "Source Code View"). There you will find a snippet like – Flocke Sep 05 '18 at 11:38

1 Answers1

1

Just a general hint: if your are using an IDE like eclipse ensure you have all the files in the respective folders and counter check the file paths in your code.

You have also to refresh the project in case you copied the files into the project folder from the file system.

Secondly, go to your SecurityConfiguration class file and add the /assets/** in it as follow (in case you had not done so):

//...Other code here
private static final String[] PUBLIC_MATCHERS = {
            "/",
//...other code ....
            "/assets/**"
    };

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests().
            antMatchers(PUBLIC_MATCHERS).
            permitAll().anyRequest().authenticated();

//other code...
}
}

If all these fail for your case try using the cdn for the bootstrap files, check this: Bootstrap If the cdn works for bootstrap then you know you have a problem either in your path reference or in your Security Configuration.

briancollins081
  • 342
  • 4
  • 11