我尝试了几种方法来设置CORS标头:
什么都没有用!!!
有人可以帮助我。这是第一种方法......
的web.xml
<!-- Spring Container -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>de.hotelonlineportal.config.AppConfig</param-value>
</context-param>
<!-- Device Detection -->
<filter>
<filter-name>deviceResolverRequestFilter</filter-name>
<filter-class>org.springframework.mobile.device.DeviceResolverRequestFilter</filter-class>
</filter>
<!-- Rest Dispatcher -->
<servlet>
<servlet-name>rest-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>rest-dispatcher</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!-- CORS Filter -->
<filter>
<filter-name>cors-filter</filter-name>
<filter-class>de.hotelonlineportal.security.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
CORSFilter.java
public class CORSFilter implements Filter {
private static Logger logger = LogManager.getLogger(CORSFilter.class);
public CORSFilter() {
logger.info("SimpleCORSFilter init");
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS,DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");
chain.doFilter(req, res);
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
如果调用HTTP请求,则过滤器已成功应用,但仍然无法使用任何Access-Control *标头。
Chrome调试器在控制台中显示了这一点:
XMLHttpRequest无法加载 http://localhost:8080/hop-backend/rest/shop/listHotelsLandingPage。没有 &#39;访问控制允许来源&#39;标题出现在请求的上 资源。起源&#39; http://localhost:9000&#39;因此是不允许的 访问。响应的HTTP状态代码为500。
答案 0 :(得分:0)
检查您是否正在使用tomcat。 尝试使用tomcat-CORSFilter。
使用filter和init-param如下:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<!-- CORS Filter -->
<filter>
<filter-name>cors-filter</filter-name>
<filter-class>de.hotelonlineportal.security.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>