GET请求由CORS策略阻止。

huangapple go评论98阅读模式
英文:

GET requests blocked by CORS policy

问题

I have deployed a full-stack ecommerce application to AWS. This app consists of an Angular frontend and a Spring Boot application that exposes certain REST API endpoints, such as Products and Product Categories.

  • I've configured the backend so that one API in particular, Orders, is only accessible to applications that have an access token.

  • In my Angular frontend, I've implemented an interceptor to add an access token to the request for the Orders API.

My REST API and Angular app are each fronted by a CloudFront distribution:

For the REST API dist., I configured CORS to allow GET requests from all origins.

I visit https://myshop.com and click the Orders link, thus making a GET request to the Orders API so I can retrieve a customer's orders, but no orders are listed. I check the Dev Tools console to discover the following errors:

Access to XMLHttpRequest at 'https://myshopapi.com/api/orders' from origin 'https://myshop.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
GET https://myshopapi.com/api/orders net:: ERR_FAILED

The problem is that when https://myshop.com sends GET requests to my other REST APIs, I don't have ANY issues. I only get these errors when I try to access the Orders API.

英文:

I have deployed a full-stack ecommerce application to AWS. This app consists of an Angular frontend and a Spring Boot application that exposes certain REST API endpoints, such as Products and Product Categories.

  • I've configured the backend so that one API in particular, Orders, is only accessible to applications that have an access token.

  • In my Angular frontend, I've implemented an interceptor to add an access token to the request for the Orders API.

My REST API and Angular app are each fronted by a CloudFront distribution:

For the REST API dist., I configured CORS to allow GET requests from all origins.

I visit https://myshop.com and click the Orders link, thus making a GET request to the Orders API so I can retrieve a customer's orders, but no orders are listed. I check the Dev Tools console to discover the following errors:

Access to XMLHttpRequest at 'https://myshopapi.com/api/orders' from origin 'https://myshop.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
GET https://myshopapi.com/api/orders net:: ERR_FAILED

The problem is that when https://myshop.com sends GET requests to my other REST APIs, I don't have ANY issues. I only get these errors when I try to access the Orders API.

答案1

得分: 0

跨域请求是 Options 而不是 Get,应配置CORS以允许所有来源的 GETOptions 请求。请参考 https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request

另请参考 https://stackoverflow.com/questions/29954037/why-is-an-options-request-sent-and-can-i-disable-it

英文:

preflight request is Options NOT Get
you should configured CORS to allow GET and Options requests from all origins
see https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request

see also https://stackoverflow.com/questions/29954037/why-is-an-options-request-sent-and-can-i-disable-it

huangapple
  • 本文由 发表于 2023年3月20日 23:32:02
  • 转载请务必保留本文链接:https://go.coder-hub.com/75792258.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定