' Access-Control-Allow-Origin'标头包含多个值' *,*',但只允许一个。在Chrome和Firefox中

时间:2015-01-04 17:07:53

标签: angularjs http post

我收到错误:' Access-Control-Allow-Origin'标题包含多个值' *,*',但只允许一个。当我从我的应用程序进行Post Service调用时。

这不是webapi服务电话的问题,因为当我跟踪来自fiddler的电话时,我得到结果200 。但是从$ http.post调用即使在我获得200结果后也会抛出错误。我不知道为什么。它适用于IE,但它不适用于Chrome或Firefox。

在chrome和Firefox中抛出我: XMLHttpRequest无法加载** url 。 ' Access-Control-Allow-Origin'标头包含多个值' *,*',但只允许一个。因此,不允许来源 url 访问。**

请建议我需要将Chrome和Firefox中的哪些设置更改为符文。



  $http.post(serviceBase + 'token', data, { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }).success(function (response) {
            
            if (loginData.useRefreshTokens) {
                localStorageService.set('authorizationData', { token: response.access_token, userName: loginData.userName, refreshToken: response.refresh_token, useRefreshTokens: true });
            }
            else {
                localStorageService.set('authorizationData', { token: response.access_token, userName: loginData.userName, refreshToken: "", useRefreshTokens: false });
            }
            _authentication.isAuth = true;
            _authentication.userName = loginData.userName;
            _authentication.useRefreshTokens = loginData.useRefreshTokens;

            deferred.resolve(response);

        }).error(function (err, status) {
            _logOut();
            deferred.reject(err);
        });




1 个答案:

答案 0 :(得分:0)

如果您使用JAVA作为后端服务,则可能需要对HTTPRequests应用CORS过滤器。您可以通过添加如下所示的filterClass来完成此操作...

    @Component
public class CorsFilter extends OncePerRequestFilter{
    protected static  Logger logger = LoggerFactory.getLogger(CorsFilter.class);

    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
         logger.info("entering FILTER page");

         if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
            // CORS "pre-flight" request
            response.addHeader("Access-Control-Allow-Origin", "*");
            response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
            response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
            response.addHeader("Access-Control-Max-Age", "1800");//30 min
        }
        //This will filter your requests and responses.
        filterChain.doFilter(request, response);
    }

}