我在REST中有一个安全的端点,它需要JWT令牌来获取信息。我为整个控制器启用了CORS。我想知道不是所有不安全的端点都不会出现cors错误。
@RestController
@RequestMapping("/api")
@CrossOrigin(origins = "*",allowedHeaders = "*")
public class CustomerDetailsRestController {
@Autowired
private CustomerDetailsService customerDetailsService;
@Autowired
private JwtRequestFilter jwtTokenFilter;
@GetMapping("/userdetails")
public CustomerSpecificDetails findCustomerDetails(){
String userid=jwtTokenFilter.getUsername();
System.out.println(userid);
return customerDetailsService.getCustomerDetails(userid);
}
}
我的服务如下所示。
@Injectable()
export class UserDetailsService {
userDetailsUrl = 'http://localhost:8080/api/userdetails';
constructor(private http: HttpClient) { }
getUserDetails(): Observable<UserDetails> {
const headerData = {
'security': 'Basic ' + localStorage.getItem('token')
};
console.log(headerData.security);
const reqHeaders = new HttpHeaders(headerData);
return this.http.get<UserDetails>(this.userDetailsUrl, {headers : reqHeaders});
}