Spring REST & CORS support not working

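Time: 2014-09-22 22:04:08

Tags: jquery spring spring-mvc cors

I have exposed an API using Spring REST and am trying to post data to it from standalone jQuery code. This is a cross-domain request.

My configuration is as follows

spring - 3.2.5.RELEASE, jquery - 1.10.2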

$.ajax({
            type:"POST",
            beforeSend: function (request)
            {
                request.setRequestHeader("Content-Type","application/json");
                request.setRequestHeader("Authorization", basic);
                request.setRequestHeader("Access-Control-Allow-Origin","*");

            },
            url: "http://localhost:8080/workflow/workflow-api/human",
            data: '{"id":"1","firstName":"Tito","lastName":"LastName"}',
            crossDomain:true,
            processData: false,
            success: function(msg) {

                console.log( "Login result:"+msg);
            }
    });

In the Chrome developer console I get the following error

XMLHttpRequest cannot load http://localhost:8080/stockingworkflow/workflow-api/human. Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers. 

In web.xml, the CORS filter entry is as follows

<filter>
    <filter-name>cors</filter-name>
    <filter-class>com.workflow.security.CorsFilter</filter-class>
</filter>


<filter-mapping>
    <filter-name>cors</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

My filter class is as follows

@Component  
public class CorsFilter  extends OncePerRequestFilter  {


    private static Logger logger = Logger.getLogger(AuthenticationService.class);

    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain filterChain) throws ServletException, IOException {

        logger.debug("<-----Inside CORS filter---->");


        if (request.getMethod().equals("OPTIONS")) {

            logger.debug("<-----Inside OPTIONS---->");
            response.addHeader("Access-Control-Allow-Origin","*");
            response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
            response.addHeader("Access-Control-Allow-Headers", "x-requested-with");
            response.addHeader("Access-Control-Max-Age", "1800");
        }



        filterChain.doFilter(request, response);
    }


}

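I trigger the jQuery ajax request by opening an HTML file in the browser. The HTML file is not served by the server. So the URL in my browser is

file:///C:/Users/3467/Desktop/workflow/index.html

Since I have enabled the filter for cross-domain requests, ideally the jQuery ajax request should have worked. But it says:

Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers

In my developer console under "Network", I see that an OPTIONS GET request is sent by the browser, and it returns 200 OK. That means it is hitting the CORS filter. Below are the request & response headers from Chrome developer tools.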

Remote Address:127.0.0.1:8080
Request URL:http://localhost:8080/workflow/workflow-api/human
Request Method:OPTIONS
Status Code:200 OK

Request Headers

Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,hi;q=0.6,id;q=0.4,ms;q=0.2
Access-Control-Request-Headers:access-control-allow-origin, accept, authorization, content-type
Access-Control-Request-Method:POST
Cache-Control:max-age=0
Connection:keep-alive
DNT:1
Host:localhost:8080
Origin:null
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.66 Safari/537.36

Response Headers

Access-Control-Allow-Headers:x-requested-with
Access-Control-Allow-Methods:GET, POST, PUT, DELETE
Access-Control-Allow-Origin:*
Access-Control-Max-Age:1800
Allow:GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Content-Length:0
Date:Mon, 22 Sep 2014 21:54:29 GMT
Server:Apache-Coyote/1.1

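I don't know what is wrong; I have followed many SO posts and Spring REST blogs for CORS. Not sure whether I am missing something.

3 answers:

Answer 0: (score: 2)

June 8, 2015 - Breaking news ;) https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

The recently released Spring Framework 4.2 RC1 provides first-class support for CORS out of the box, giving you an easier and more powerful way to configure it than typical filter-based solutions.

If you use Spring Boot, check out the latest release: https://spring.io/blog/2015/06/12/spring-boot-1-3-0-m1-available-now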

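Answer 1: (score: 0)

You should not define the Access-Control-Allow-Origin header on the client side when sending the request; this header should only be added to the server's response. Your browser will automatically add the Origin header, specifying the domain the request originates from.

Your filter implementation should also be updated so that it adds the CORS headers for both actual and preflight requests, regardless of the method. As soon as a request has an Origin header, you should add the CORS headers to the response.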

Answer 2: (score: 0)

First, add the given filter to web.xml. Then download cors-filter-2.1.2.jar and java-property-utils-1.9.1 and add them to the lib folder.

This should solve the problem.

<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>

    <init-param>
        <param-name>cors.allowGenericHttpRequests</param-name>
        <param-value>true</param-value>
    </init-param>

    <init-param>
        <param-name>cors.allowOrigin</param-name>
        <param-value>*</param-value>
    </init-param>

    <init-param>
        <param-name>cors.supportedMethods</param-name>
        <param-value>GET, POST, HEAD, PUT, DELETE</param-value>
    </init-param>

    <init-param>
        <param-name>cors.supportedHeaders</param-name>
        <param-value>*</param-value>
    </init-param>

</filter>

<filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>