浏览器没有发送请求(CORS配置)
我已经深入研究了CORS配置。浏览器尝试在发送"real"请求之前请求发送CORS请求的有效请求配置。我的服务器应用已配置CORSFilter,并且已经响应了这些请求。不过,响应是200 - OK代码,但"real"请求未发送。
到目前为止,我已经明白了,当CORS request为200-OK时,浏览器必须发送"real"请求,不应该?
当我到达this.http.request(path, requestOptions)时,发送了CORS请求:
curl "http://localhost:8082/commty/cmng/users" -X OPTIONS -H "Host: localhost:8082" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" -H "Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3" --compressed -H "Access-Control-Request-Method: PUT" -H "Access-Control-Request-Headers: passwd,user" -H "Origin: http://localhost:3000" -H "Connection: keep-alive"
和响应标题:
HTTP/1.1 200 OK
X-Powered-By: Undertow/1
Access-Control-Allow-Headers: origin, content-type, accept, authorization
Server: WildFly/10
Date: Fri, 09 Dec 2016 07:50:55 GMT
Allow: HEAD, GET, OPTIONS, PUT
Connection: keep-alive
Access-Control-Allow-Origin: *
access-control-allow-credentials: true
Content-Type: text/plain
Content-Length: 23
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 1209600
有什么问题我不明白吗?
为什么浏览器没有发送"real"请求?
修改
当我尝试发送PUT请求(typescript fragemnt code)时,此链开始:
/**
* User exists
*
* @param user username
*/
public existsWithHttpInfo(user: string, extraHttpRequestParams?: any): Observable<Response> {
const path = this.basePath + `/users`;
let queryParameters = new URLSearchParams();
let headers = new Headers(this.defaultHeaders.toJSON()); // https://github.com/angular/angular/issues/6845
// verify required parameter 'user' is not null or undefined
if (user === null || user === undefined) {
throw new Error('Required parameter user was null or undefined when calling exists.');
}
headers.set('user', String(user));
// to determine the Content-Type header
let consumes: string[] = [
];
// to determine the Accept header
let produces: string[] = [
'application/json'
];
let requestOptions: RequestOptionsArgs = new RequestOptions({
method: RequestMethod.Get,
headers: headers,
search: queryParameters
});
// https://github.com/swagger-api/swagger-codegen/issues/4037
if (extraHttpRequestParams) {
requestOptions = this.extendObj(requestOptions, extraHttpRequestParams);
}
return this.http.request(path, requestOptions);
}
CorsFilter:
@Provider
public class CORSFilter implements ContainerResponseFilter
{
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException
{
responseContext.getHeaders().add("Access-Control-Allow-Origin", "*");
responseContext.getHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
responseContext.getHeaders().add("Access-Control-Allow-Credentials", "true");
responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
responseContext.getHeaders().add("Access-Control-Max-Age", "1209600");
}
}
错误消息
Object {
_body: error,
status: 0,
ok: false,
statusText: "",
headers: Object,
type: 3,
url: null
}
1 个答案:
答案 0 :(得分:2)
因为您正在使用:
responseContext.getHeaders().add("Access-Control-Allow-Credentials", "true");
您不能使用通配符作为原点。将其更改为:
responseContext.getHeaders().add("Access-Control-Allow-Origin", "my.frontend.com");
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?