I'm trying to set CORS Headers for my play framework app. Specifically I'm getting this error
cannot load http://127.0.0.1:9000/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access.
I figured I could easily handle this by following these instructions: https://www.playframework.com/documentation/2.5.x/CorsFilter
However, after doing this. nothing has changed.
curl -I localhost:9000/
HTTP/1.1 200 OK
Content-Length: 4540
Content-Type: text/html; charset=utf-8
Date: Mon, 11 Jul 2016 20:03:33 GMT
My conf is:
play.http.filters = "global.Filters"
play.filters.cors {
allowedOrigins = ["http://www.example.com", "*"]
allowedHttpMethods = ["GET", "POST"]
allowedHttpHeaders = ["Accept"]
}
and my Filters.scala file is:
package global
import javax.inject.Inject
import play.api.http.DefaultHttpFilters
import play.filters.cors.CORSFilter
class Filters @Inject() (corsFilter: CORSFilter)
extends DefaultHttpFilters(corsFilter)
If someone could tell me why the filters don't seem to be getting applied to the responses, that'd be great.
答案 0 :(得分:13)
播放过滤器非常诱人,但是当它们没有按预期工作时,正如您所注意到的那样,魔术并不容易追踪。
我更喜欢使用这样的东西:
implicit class RichResult (result: Result) {
def enableCors = result.withHeaders(
"Access-Control-Allow-Origin" -> "*"
, "Access-Control-Allow-Methods" -> "OPTIONS, GET, POST, PUT, DELETE, HEAD" // OPTIONS for pre-flight
, "Access-Control-Allow-Headers" -> "Accept, Content-Type, Origin, X-Json, X-Prototype-Version, X-Requested-With" //, "X-My-NonStd-Option"
, "Access-Control-Allow-Credentials" -> "true"
)
}
然后您可以在响应中轻松调用它:
Ok(Json.obj("ok" -> "1")).enableCors
这很容易理解,只能放在你想要启用CORS的地方,并且非常容易调试!
答案 1 :(得分:3)
对我而言,它在一天之后起作用(可能是现金或其他东西)
application.conf:
play.http.filters = "filters.Filters"
play.filters.cors {
# allow all paths
pathPrefixes = ["/"]
# allow all origins (You can specify if you want)
allowedOrigins = null
allowedHttpMethods = ["GET", "POST"]
# allow all headers
allowedHttpHeaders = null
}
build.sbt:
val appDependencies = Seq(
filters,
....
)
。过滤器:
package filters;
import javax.inject.Inject;
import play.mvc.EssentialFilter;
import play.filters.cors.CORSFilter;
import play.http.DefaultHttpFilters;
public class Filters extends DefaultHttpFilters {
CORSFilter corsFilter;
@Inject
public Filters(CORSFilter corsFilter) {
super(corsFilter);
this.corsFilter = corsFilter;
}
public EssentialFilter[] filters() {
return new EssentialFilter[] { corsFilter.asJava() };
}
}
在我的ajax电话中:
$.ajax({
method:'GET',
url: xxxxxxxx',
dataType: 'json',
headers: {'url': yyyyy,
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET, POST, PUT',
'Access-Control-Allow-Headers': 'Content-Type'
},
success: function(data) {
....});
我没有更多的错误,刺激和当地环境!!谢谢大家
答案 2 :(得分:1)
我不建议编写/使用任何代码来启用CORS,这基本上是一个框架功能,只需要配置。
您从文档中复制的内容是正确的:
cors.conf您修改play.filters.cors设置的位置。但是你似乎错误配置了一些东西,例如allowedOrigin = *应在配置中配置为null。 (请查看documentation page和关联的reference.conf) # The allowed origins. If null, all origins are allowed.
play.filters.cors.allowedOrigins = null
CORSFilter Filters.scala
curl -H "Origin: http://example.com" \
-H "Access-Control-Request-Method: GET" \
-H "Access-Control-Request-Headers: X-Requested-With" \
-X OPTIONS --verbose \
http://localhost:9000/