CORS不适用于不同的URL

时间:2014-08-15 19:22:17

标签: java tomcat nginx cors

我有一个带有rest api的小型java应用程序。它已部署并可与http://1.1.1.1:8080/rest等网址一起使用。我也在那里启用了CORS过滤器,它可以找到它。

但我也想用“http://myhost.com/”这样的网址配置对我的API的访问。在这种情况下,CORS过滤器停止工作。

有什么想法吗?


UPD1
可用标题:

    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE");
    response.setHeader("Access-Control-Max-Age", "3600");


UPD2
更新了“Access-Control-Allow-Headers”:

        response.setHeader("Access-Control-Allow-Headers",
                    "x-requested-with, " +
                    "Content-Type, " +
                    "Host, " +
                    "User-Agent, " +
                    "Accept, " +
                    "Accept-Language, " +
                    "Accept-Encoding, " +
                    "Referer, " +
                    "Origin, " +
                    "Connection, " +
                    "Cache-Control");

请求:

GET /list HTTP/1.1
Host: myhost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: */*
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://mysecondhost.com/test.html
Origin: http://mysecondhost.com
Connection: keep-alive
Cache-Control: max-age=0


UPD3
看起来我们有nginx,其中包含以下标头配置:

        add_header 'Access-Control-Allow-Methods' 'GET,POST,DELETE,OPTIONS';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Headers' 'WD-Since,WD-Start,WD-Direction,WD-Length,WD-Ids,Content-Type,WD-Client-Id';
        add_header 'Access-Control-Expose-Headers' 'WD-Total-Length,WD-Phone-Modal,WD-Client-Id,WD-Udid,WD-Need-More';
        proxy_cache off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8080/rest/;


1 个答案:

答案 0 :(得分:2)

我花了很多时间阅读另一个stackoverflow和serverfault帖子...... 我找到了解决方案。

最有帮助的(对我而言)链接:link1 link2 link3 link4

解决方案很简单:我删除了#add ;header'来自nginx配置。之后我只在Web应用程序中进行CORS配置。

相关问题
最新问题