在Spring Data Rest中启用跨源请求

时间:2017-03-07 15:37:47

标签: java spring spring-boot spring-data-rest

我有一个使用Angular 2和Spring Boot开发的Web应用程序。我使用spring-boot-data-rest依赖项将我的存储库公开为HTTP端点。

在开发期间,我在端口8080上运行的本地tomcat上运行我的后端spring启动项目。为了开发前端,我使用angular-cli在端口4200上运行我的Angular 2应用程序。我的前端运行在4200上需要能够击中8080​​上暴露的端点,但这不起作用,因为:

  

请求的资源上没有“Access-Control-Allow-Origin”标头。因此,不允许原点“http://localhost:4200”访问。

如果这些是我在@RestController中手动输入的自定义端点,我可以简单地添加@CrossOrigin注释:

@RestController
public class MyController {
    @CrossOrigin(origins = "http://localhost:4200")
    @RequestMapping(value = "/whatever")
    public void whatever() {
        //whatever
    }
}

但我显然不能为spring-boot-data-rest公开的端点做到这一点。那么,我如何才能从http://localhost:4200来源访问这些端点?

2 个答案:

答案 0 :(得分:7)

我使用自定义CORS过滤器使其工作:

/**
 * Filter for enabling CORS support.
 */
@Component
public class CorsFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
                                    final FilterChain filterChain) throws ServletException, IOException {
        response.addHeader("Access-Control-Allow-Origin", "*");
        response.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, PATCH, HEAD, OPTIONS");
        response.addHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
        response.addHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Origin, Access-Control-Allow-Credentials");
        response.addHeader("Access-Control-Allow-Credentials", "true");
        response.addIntHeader("Access-Control-Max-Age", 10);
        filterChain.doFilter(request, response);
    }
}

答案 1 :(得分:0)

也许您可以使用以下组件来启用CORS请求。 它全局应用于应用程序

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter implements Filter {

  public SimpleCorsFilter() {
  }

  @Override
  public void destroy() {
  }

  @Override
  public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain) throws IOException, ServletException {
    final HttpServletResponse response = (HttpServletResponse) res;
    final HttpServletRequest request = (HttpServletRequest) req;
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, token");

    if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
      response.setStatus(HttpServletResponse.SC_OK);
    } else {
      chain.doFilter(req, res);
    }
  }

  @Override
  public void init(final FilterConfig filterConfig) {
  }
}
相关问题
最新问题