我正在使用Ionic和Spring Boot 1.3.直到我升级到1.3才得到这个问题......
显然在更新到Spring Boot 1.3之后.CorsFilter完全被忽略了.所有这些弃用让我疯狂.所以我抬起了新的方式,这就是我得到的.
package app.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("http://192.168.1.66:8101")
.allowCredentials(false)
.maxAge(3600)
.allowedHeaders("Accept", "Content-Type", "Origin", "Authorization", "X-Auth-Token")
.exposedHeaders("X-Auth-Token", "Authorization")
.allowedMethods("POST", "GET", "DELETE", "PUT", "OPTIONS");
}
}
上面的代码在应用程序的启动时被执行.与每次有请求时执行的CorsFilter不同.但是切换到Spring Boot 1.3,我不能再在链接过滤器中得到这个.
再次,代码正在加载,我设置了一个断点,每次调用addCorsMapping,所以进行设置.所以....为什么我仍然会收到此错误
XMLHttpRequest cannot load http://192.168.1.66:8080/login?username=billyjoe&password=happy. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.1.66:8101' is therefore not allowed access.
编辑 下面是我的旧CorsFilter.自从我更新到Spring Boot 1.3后它就不再有用了
package app.config;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
@Component
public class CorsFilter implements Filter {
private final Logger log = LoggerFactory.getLogger(CorsFilter.class);
public CorsFilter() {
log.info("SimpleCORSFilter init");
}
@Override
public void doFilter(ServletRequest req,
ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String clientOrigin = request.getHeader("origin");
response.addHeader("Access-Control-Allow-Origin", clientOrigin);
response.setHeader("Access-Control-Allow-Methods", "POST, GET, DELETE, PUT");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Accept, Content-Type, Origin, Authorization, X-Auth-Token");
response.addHeader("Access-Control-Expose-Headers", "X-Auth-Token");
if (request.getMethod().equals("OPTIONS")) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(request, response);
}
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
Ivan Aracki.. 6
你可以尝试这样的事情.它对我有用:
@Component
public class SimpleCORSFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
numerical25.. 5
弄清楚了.我正在使用CustomToken登录并出于某种原因使用自定义登录身份验证时,1.3及更高版本的新配置不会使用Access-Control-Allow-Origin设置响应.所以在我的自定义登录中,我必须添加响应头.
httpServletResponse.addHeader("Access-Control-Allow-Origin", "http://192.168.1.66:8080");
在旧版本的Spring中,CorsFilter设置在过滤器中,因此每次调用时都会设置它.似乎New Configs仅在正确调用Controller时才起作用,但由于登录是在Filters而不是Controller中处理的,因此永远不会设置响应体.它适当地验证用户Access-Control-Allow-Origin
你可以尝试这样的事情.它对我有用:
@Component
public class SimpleCORSFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
弄清楚了.我正在使用CustomToken登录并出于某种原因使用自定义登录身份验证时,1.3及更高版本的新配置不会使用Access-Control-Allow-Origin设置响应.所以在我的自定义登录中,我必须添加响应头.
httpServletResponse.addHeader("Access-Control-Allow-Origin", "http://192.168.1.66:8080");
在旧版本的Spring中,CorsFilter设置在过滤器中,因此每次调用时都会设置它.似乎New Configs仅在正确调用Controller时才起作用,但由于登录是在Filters而不是Controller中处理的,因此永远不会设置响应体.它适当地验证用户Access-Control-Allow-Origin
京公网安备 11010802040832号 | 京ICP备19059560号-6 