我正在使用dropwizard应用程序并使用它来与api进行交互。我需要加载json数据来更新视图,但我必须在之前启用dropwizard中的cors。我做了一些工作人员,但似乎没有用,因为dropwizard总是返回204没有内容。
@Override
public void run(final BGConfiguration configuration, final Environment environment) throws Exception {
final Map<String, String> params = new HashMap<>();
params.put("Access-Control-Allow-Origin", "/*");
params.put("Access-Control-Allow-Credentials", "true");
params.put("Access-Control-Expose-Headers", "true");
params.put("Access-Control-Allow-Headers", "Content-Type, X-Requested-With");
params.put("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
environment.servlets().addFilter("cors", CrossOriginFilter.class).setInitParameters(params);
}
答案 0 :(得分:51)
此处的错误是,过滤器尚未通过addMappingForUrlPatterns方法配置了网址路径。
这对我使用dropwizard 0.7.1:
import org.eclipse.jetty.servlets.CrossOriginFilter;
import javax.servlet.DispatcherType;
import java.util.EnumSet;
public void run(Configuration conf, Environment environment) {
// Enable CORS headers
final FilterRegistration.Dynamic cors =
environment.servlets().addFilter("CORS", CrossOriginFilter.class);
// Configure CORS parameters
cors.setInitParameter("allowedOrigins", "*");
cors.setInitParameter("allowedHeaders", "X-Requested-With,Content-Type,Accept,Origin");
cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");
// Add URL mapping
cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
}
我假设您正在浏览器中对此进行现场测试,但您可以通过CLI验证这样的curl命令:
$ curl -H "Origin: http://example.com" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: X-Requested-With" \
-X OPTIONS --verbose \
http://localhost:8080
您应该在响应中看到一堆Access-Control-*个HTTP标头。
答案 1 :(得分:7)
加入Mike Clarke的回答:
将CHAIN_PREFLIGHT_PARAM设置为 false 会让此过滤器处理预检请求,而不会使您的身份验证过滤器拦截200响应,并将其转换为未授权/禁止。< / p>
import org.eclipse.jetty.servlets.CrossOriginFilter;
import javax.servlet.DispatcherType;
import java.util.EnumSet;
public void run(Configuration conf, Environment environment) {
// Enable CORS headers
final FilterRegistration.Dynamic cors =
environment.servlets().addFilter("CORS", CrossOriginFilter.class);
// Configure CORS parameters
cors.setInitParameter("allowedOrigins", "*");
cors.setInitParameter("allowedHeaders", "X-Requested-With,Content-Type,Accept,Origin");
cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");
// Add URL mapping
cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
// DO NOT pass a preflight request to down-stream auth filters
// unauthenticated preflight requests should be permitted by spec
cors.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, Boolean.FALSE.toString());
}
我很惊讶我没有在包含此配置的互联网上找到任何示例。花了几天时间试图解决这个问题。
答案 2 :(得分:1)
对我来说,即使配置了上述内容,也无法正常工作。最终我发现我还必须允许缓存控制头。
if forbidden(from_node, to_node):
self.matrix[from_node][to_node] = penalty
else:
self.matrix[from_node][to_node] = distance(x1, y1, x2, y2)
答案 3 :(得分:0)
您可以尝试这样做:
final FilterRegistration.Dynamic cors =
environment.servlets().addFilter("CORS", CrossOriginFilter.class);
// Configure CORS parameters
// Configure CORS parameters
cors.setInitParameter("allowedOrigins", "*");
cors.setInitParameter("allowedHeaders", “<Headers>”);
cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,");
// Add URL mapping
cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");