原因:缺少CORS头’Access-Control-Allow-Origin’ / Spring Boot

huangapple go评论103阅读模式
英文:

Reason: CORS header ‘Access-Control-Allow-Origin’ missing / Spring Boot

问题

我有一个基本的Spring Boot REST应用程序和Angular应用程序。(使用JWT)

但是,由于以下错误,我无法进行任何请求:(即使我在响应头中添加了 "Access-Control-Allow-Origin", "*"

  1. 跨源请求被阻止:同源策略不允许读取位于 http://localhost:8080/api/login 的远程资源。(原因:缺少CORS头 'Access-Control-Allow-Origin')。
  2. 跨源请求被阻止:同源策略不允许读取位于 http://localhost:8080/api/login 的远程资源。(原因:CORS请求未成功)。

以下是安全配置:

  1. public class AuthTokenFilter extends OncePerRequestFilter {
  2. // ...
  3. }
  4. @Configuration
  5. @EnableWebSecurity
  6. @EnableGlobalMethodSecurity(
  7. // securedEnabled = true,
  8. // jsr250Enabled = true,
  9. prePostEnabled = true)
  10. public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
  11. @Override
  12. protected void configure(HttpSecurity http) throws Exception {
  13. http
  14. .cors().and().csrf().disable()
  15. .authorizeRequests()
  16. .antMatchers(WebUrls.API.API + WebUrls.LOGIN.LOGIN,
  17. WebUrls.API.API + WebUrls.LOGIN.REGISTER,
  18. WebUrls.API.API + WebUrls.LOGIN.REFRESH_TOKEN)
  19. .permitAll()
  20. .anyRequest().authenticated();
  21. http.addFilterBefore(authJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
  22. http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
  23. }
  24. }

以下是我添加CORS头的地方:

  1. @Component
  2. public class MyCorsFilter implements Filter {
  3. @Override
  4. public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
  5. HttpServletResponse response = (HttpServletResponse) servletResponse;
  6. response.setHeader("Access-Control-Allow-Origin", "*");
  7. response.setHeader("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
  8. response.setHeader("Access-Control-Allow-Headers", "*");
  9. filterChain.doFilter(servletRequest, servletResponse);
  10. }
  11. }
英文:

I have a basic spring boot rest application and angular application. (Using JWT)

However, I can not make any request because of this error:(even I add "Access-Control-Allow-Origin", "*" to response header

  1. Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/api/login. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
  2. Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/api/login. (Reason: CORS request did not succeed).

Here is the security configuration:

  1. public class AuthTokenFilter extends OncePerRequestFilter {
  2. // ...
  3. }
  4. @Configuration
  5. @EnableWebSecurity
  6. @EnableGlobalMethodSecurity(
  7. // securedEnabled = true,
  8. // jsr250Enabled = true,
  9. prePostEnabled = true)
  10. public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
  11. @Override
  12. protected void configure(HttpSecurity http) throws Exception {
  13. http
  14. .cors().and().csrf().disable()
  15. .authorizeRequests()
  16. .antMatchers(WebUrls.API.API + WebUrls.LOGIN.LOGIN,
  17. WebUrls.API.API + WebUrls.LOGIN.REGISTER,
  18. WebUrls.API.API + WebUrls.LOGIN.REFRESH_TOKEN)
  19. .permitAll()
  20. .anyRequest().authenticated();
  21. http.addFilterBefore(authJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
  22. http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
  23. }
  24. }

Here is the place where I am adding cors headers:

  1. @Component
  2. public class MyCorsFilter implements Filter {
  3. @Override
  4. public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
  5. HttpServletResponse response = (HttpServletResponse) servletResponse;
  6. response.setHeader("Access-Control-Allow-Origin", "*");
  7. response.setHeader("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
  8. response.setHeader("Access-Control-Allow-Headers", "*");
  9. filterChain.doFilter(servletRequest, servletResponse);
  10. }
  11. }

答案1

得分: 2

请尝试以下配置使其正常工作。这将允许来自任何源的CORS请求访问应用程序中的任何端点。

  1. @Configuration
  2. @EnableWebMvc
  3. public class WebConfig implements WebMvcConfigurer {
  4. @Override
  5. public void addCorsMappings(CorsRegistry registry) {
  6. registry.addMapping("/**");
  7. }
  8. }
英文:

Please try the below configuration to make this work. This enables CORS requests from any origin to any endpoint in the application.

  1. @Configuration
  2. @EnableWebMvc
  3. public class WebConfig implements WebMvcConfigurer {
  4. @Override
  5. public void addCorsMappings(CorsRegistry registry) {
  6. registry.addMapping("/**");
  7. }
  8. }

huangapple
  • 本文由 发表于 2020年10月11日 08:47:19
  • 转载请务必保留本文链接:https://go.coder-hub.com/64299652.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定