即使启用了CORS,POST也会被阻止

时间:2015-03-04 13:01:16

标签: java javascript angularjs spring-mvc cors

我已根据SpringMVC指南创建了SimpleCORSFilter以允许CORS:

@Component
public class SimpleCORSFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-by");
        chain.doFilter(req, res);
    }
}

POST和PUT请求的控制器代码如下:

@RequestMapping(
        produces = MediaType.APPLICATION_JSON_VALUE,
        method = RequestMethod.PUT,
        value = "admin/tile/{id}"
)
public boolean saveNewTile(@PathVariable("id") String id) {
    ContextEntity contextEntity = new ContextEntity("tile", id);
    //TODO: USE CUSTOM DATABASE
    contextEntityDAO.save(contextEntity);

    return true;
}

@RequestMapping(
        produces = MediaType.APPLICATION_JSON_VALUE,
        method = RequestMethod.POST,
        value = "admin/tile/{id}"
)
public boolean updateTile(@PathVariable("id") String id, @RequestParam(required = false) ContextAttribute[] atts) {
    ContextEntity contextEntity = contextEntityDAO.findById(id);
    contextEntity.addContextAttributes(atts);

    contextEntityDAO.save(contextEntity);
    return true;
}

使用AngularJS v1.3.14我可以执行GET和PUT请求,但是当我尝试执行POST时,Firefox会通知我该请求已被阻止,因为同源策略...

这部分工作正常,例如

$scope.onTestOnlyClick = function() {
  $http.put('http://localhost:8080/admin/tile/' + tile.id)
};

但是,当我这样做时

$http.post('http://localhost:8080/admin/tile/' + tile.id, contextAtts);

无法完成请求,这两行都在同一个控制器中!

这是我在Firebug中看到的,出于某种原因,当我执行POST时,Firebug只显示OPTIONS请求,之后没有POST。 enter image description here

感谢。

2 个答案:

答案 0 :(得分:1)

内容类型添加到过滤器中的 Access-Control-Allow-Headers 。在我的本地测试成功。

response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers", "Content-Type, Origin, Cache-Control, X-Requested-With");
    response.setHeader("Access-Control-Allow-Credentials", "true");

答案 1 :(得分:0)

尝试这样做 - 

@Component
public class SimpleCORSFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-by");
        chain.doFilter(req, res);
        return;
     }
}
相关问题
最新问题