我有以下配置,基于这里的例子 https://docs.spring.io/spring-security/site/docs/current/reference/html/cors.html
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.csrf().disable()
.cors();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("https://example.com"));
configuration.setAllowedMethods(Arrays.asList("GET","POST"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
但是当我对此进行测试时,我仍然可以从本地主机访问它,没有问题。就像 cors 根本没有被激活一样。
编辑:我应该补充一点,我正在使用Spring OAuth2,这个配置位于我的ResourceServerConfigurerAdapter
你用@component注释过你的类吗?这就是您初始化 CORS 筛选器的类?