Vaadin 14 with Spring Security: Login page not loading

avinash25 · July 25, 2019, 8:44am

Hello,
I got the latest Vaadin 14 starter pack and added a LoginOverlay and configured Spring Security same as the Bakery App. I am running into the below issue when accessing the login page.

The resource from “http://localhost:8080/login” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
Loading failed for the <script> with source “http://localhost:8080/VAADIN/build/webcomponentsjs/webcomponents-loader.js”.

Loading module from “http://localhost:8080/login” was blocked because of a disallowed MIME type (“text/html”).
Loading failed for the module with source “http://localhost:8080/VAADIN/build/vaadin-bundle-bbf2c79874502dc043fb.cache.js”.

Strangely the page loads properly when the browser cache is cleared.

guillermo.alvarez · August 6, 2019, 1:48pm

Are you allowing access to static resources /VAADIN/** in your Spring security configuration?
That could explain why MIME type is “text/html” for a .js file, server could be replying with a not authorized error page instead of the requested file.
In Bakery it’s done in SecurityConfiguration in the configure(WebSecurity web) method

Emil40 · September 2, 2019, 10:31am

Had the same problem every second load. Compared with the Bakery App and found @SpringBootApplication(exclude = ErrorMvcAutoConfiguration.class) in the Application.java. Adding this exclusion solved the problem.

avinash25 · September 3, 2019, 9:44am

Thank you Emil, add the exclusion worked.