我对这里发生的事情感到很困惑。
Spring Boot后端接受使用X-Auth-Token标头值发送的请求。如果我从ARC客户端发送请求,它可以正常工作
来自角度代码的GET请求不会与X-Auth-Token请求标头一起使用。
角度代码:
getCandidatesByUserId(userId: number): Observable<Candidate[]> {
let headers = new Headers({ 'Accept': 'application/json' });
headers.append('X-AUTH-TOKEN', this.token );
let options = new RequestOptions({headers: headers});
console.log('Found token is '+ headers.get('X-AUTH-TOKEN'));
return this.http.get(this.url+userId+'/candidates', {
headers: headers
})
.map((response: Response) => <Candidate[]> response.json())
.do(data => console.log('All: '+ JSON.stringify(data)))
.catch(this.handleError);
}
Spring Boot代码:
public final void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain) throws IOException, ServletException {
final HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
// without this header jquery.ajax calls returns 401 even after
// successful login and SSESSIONID being succesfully stored.
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "X-AUTH-TOKEN, Content-Type");
response.setHeader("Access-Control-Expose-Headers", "X-AUTH-TOKEN, Content-Type");
final HttpServletRequest request = (HttpServletRequest) req;
System.out.println(">>>>>>>>>>>>"+request.getRequestURL()+" X-Auth-Token::"+ request.getHeader("X-AUTH-TOKEN"));
if (request.getMethod() != "OPTIONS") {
chain.doFilter(req, res);
} else {
//
}
}
最后sysout语句始终为X-Auth-Token标头打印空值。
错误:
XMLHttpRequest cannot load. Response for preflight has invalid HTTP status code 403