在OPTIONS预检

时间:2015-07-21 20:13:52

标签: spring http-headers spring-boot cors preflight

我有一个Spring Boot REST应用程序,它上面有一个非常简单的CORS过滤器。我想要做的是动态响应Access-Control-Request-Headers标头中的值,而不是提供特定的列表。常识似乎是明确设置了" Access-Control-Allow-Headers"中返回的值,但是我们将白名单列出一组来源并希望允许他们发送的任何标题。我无法找到一种方法来遏制Access-Control-Request-Headers中Access-Control-Allow-Headers的值。

这是代码

   @Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
    throws IOException, ServletException {

    HttpServletResponse response = (HttpServletResponse) servletResponse;
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE, OPTIONS"); // will need to enable other methods when/as implemented
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers",
        ((HttpServletRequest) servletRequest).getHeader("Access-Control-Request-Headers"));
    filterChain.doFilter(servletRequest, servletResponse);
}

有了这个请求&来自Chrome的回复(当我们对Access-Control-Allow-Headers的值进行硬编码时)

Remote Address:10.199.240.16:443
Request URL:https://myapp.com/gradebooks/5566669e-e4b0-d05e-0150-98d7ffffffff/assignments/3ad7f1e7-679b-4d8b-856e-d2e3589eaad6
Request Method:OPTIONS
Status Code:200 OK

Response Headers
    view source
    Access-Control-Allow-Methods → POST, PUT, GET, DELETE, OPTIONS
    Access-Control-Max-Age → 3600
    Content-Type → application/hal+json; charset=UTF-8
    Date → Tue, 21 Jul 2015 20:42:29 GMT
    Server → Jetty(9.2.9.v20150224)
    Transfer-Encoding → chunked
    X-Application-Context → application

Request Headers
    view source
    Accept:*/*
    Accept-Encoding:gzip, deflate, sdch
    Accept-Language:en-US,en;q=0.8
    Access-Control-Request-Headers:accept, content-type
    Access-Control-Request-Method:PUT
    Connection:keep-alive
    Host:gbservices-api.dev-prsn.com
    Origin:http://localhost:3000
    Referer:http://localhost:3000/
    User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36

这是错误

  

XMLHttpRequest无法加载   https://myapp.com/gradebooks/5566669e-e4b0-d05e-0150-98d7ffffffff/assignments/3ad7f1e7-679b-4d8b-856e-d2e3589eaad6。   请求标头字段不允许使用Content-Type   接入控制允许集管。

我发现在过滤器中调试的是Access-Control-Request-Headers,只有那个头,在到达过滤器时就丢失了。拼错了标题并且它到了,所以似乎有什么东西拦截了标题并在它到达我的过滤器之前将其丢弃...

0 个答案:

没有答案
相关问题
最新问题