访问Spring引导服务器时,显示以下错误:
Access to XMLHttpRequest at 'http://localhost:8080/oauth/token' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
我的配置是
http.cors();
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("http://localhost:4200"));
configuration.setAllowedMethods(Arrays.asList("GET","POST","OPTIONS"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}```
答案 0 :(得分:0)
如果您这样提供,Springboot基本上会处理cors配置,但在这种情况下,可能是因为spring安全未在响应标头中添加Access-Control-Allow-Origin之类的CORS标头。当您进行ajax请求时,<最初会向服务器发出strong> flight 检查请求,然后服务器会使用一组标头进行响应,这些标头用于确定服务器是否支持cors请求。
当您添加cors配置时,Spring MVC现在将处理来自浏览器的飞行前检查,但是我们需要告知Spring Security允许它通过,您可以通过添加像您这样的cors配置bean来完成提供,但您需要将http.cors设置为:
http.cors().and().authorizeRequests()
.anyRequest().authenticated();
以便对飞行前请求进行身份验证。
如果问题仍然存在(通过添加自定义过滤器): 因此,尝试添加一个过滤器以正确设置CORS标头(例如,根据需要从端点返回正确设置标头):
public class CorsFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request= (HttpServletRequest) servletRequest;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "*");
response.setHeader("Access-Control-Allow-Credentials", true);
response.setHeader("Access-Control-Max-Age", 180);
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
在配置中设置http.cors()时,它将从弹簧安全性中排除飞行前检查。