我知道有关同一问题的帖子很多,但没有解决我的问题。
我有一个带有以下API
的Springboot微服务应用程序@RestController
@RequestMapping({ "/sample" })
public class SampleController {
@CrossOrigin(origins = "http://192.168.0.31:8080", allowCredentials = "false", allowedHeaders = "*")
//@CrossOrigin//(allowCredentials = "false")
@RequestMapping(value="/welcome" , method=RequestMethod.POST, produces={"application/json"})
public JSONObject getWelcomeResponse(@RequestParam Map<String,String> request){
JSONObject response=new JSONObject();
response.put("response", "Welcome user");
System.out.println("Complterd ****");
return response;
}
}
属性文件
server.port=8081
security.user.name=test
security.user.password=test123
#security.basic.enabled=false
我的客户端代码
$(document).ready(function(){
$.ajax({
url: "http://192.168.0.31:8081/sample/welcome",
type : "POST",
crossDomain:true,
crossOrigin:true,
beforeSend: function (xhr) {
// Use BASIC Authentication
xhr.setRequestHeader ("Authorization", "Basic " + btoa("test:test123"));
},
error: function(xhr, status, errorThrown) {
alert(status, errorThrown);
// Error block
console.log("xhr: " + xhr);
console.log("status: " + status);
console.log("errorThrown: " + errorThrown);
}
})
.then(function(data, status, xhr) {
alert(data);
console.log("xhr: " + xhr);
console.log("status: " + status);
console.log("data: "+ data);
$('.message').append(JSON.stringify(data));
});
});
当我禁用基本验证时,CORS请求可以正常工作。但是,如果启用了它,则会给出401前请求错误。
我也尝试过默认情况下的@crossorigin以及自定义的方式。但是得到相同的错误。还尝试了下面的过滤器类。
@EnableWebMvc
public class MyAppConfigurations implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
HttpServletRequest httpRequest = (HttpServletRequest) request;
if("OPTIONS".equalsIgnoreCase(httpRequest.getMethod())) {
httpResponse.setStatus(HttpServletResponse.SC_OK);
System.out.println("filterde response");
} else {
chain.doFilter(request, response);
}
}
}
有人可以帮助我弄清楚,我在此代码上缺少什么。
您必须为Spring MicroService
CORS FILTER
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
if (response instanceof HttpServletResponse) {
addCorsHeader(response);
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
filterChain.doFilter(req, res);
}
}
}
private void addCorsHeader(HttpServletResponse response) {
response.addHeader("Access-Control-Allow-Origin", "http://localhost:4200"); // Update with yours
response.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addHeader("Access-Control-Allow-Headers", "Authorization, X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");
response.addHeader("Access-Control-Max-Age", "1728000");
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
添加@crossorigin
@RequestMapping({ "/sample" })
@CrossOrigin(origins = "http://192.168.0.31:8080")
public class SampleController {
尝试添加您的/welcome
REST控制器
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
根据CORS规范,必须在没有任何身份验证的情况下接受CORS Preflight请求。
您必须配置Web服务器或Spring Security,以禁用与Preflight有关的所有OPTIONS
请求。