我的项目中有一些Rest端点,我从另一台服务器的客户端应用程序调用。我已使用@CrossOrigin注释成功禁用了Cors,除了在Chrome上引发以下错误的Delete方法外,所有方法都正常工作:
XMLHttpRequest cannot load http://localhost:8856/robotpart/1291542214/compatibilities. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8888' is therefore not allowed access. The response had HTTP status code 403.
这是我的控制器:
@CrossOrigin(origins = "*")
@ExposesResourceFor(RobotPart.class)
public class RobotPartController {
//All endpoints are working except the Delete Mapping
@GetMapping("/robotpart")
public ResponseEntity<List<RobotPartResource>> listAllParts() {
//..
}
@GetMapping("/robotpart/{id}")
public ResponseEntity<RobotPartResource> getById(@PathVariable Integer id) {
//..
}
@GetMapping("/robotpart/{id}/compatibilities")
public ResponseEntity<Collection<RobotPartResource>> getRobotCompatibilities(@PathVariable Integer id,
//..
}
@PostMapping("/robotpart")
public ResponseEntity<RobotPartResource> getById(@RequestBody @Valid RobotPart newRobot) {
//..
@PutMapping("/robotpart/{id}")
public ResponseEntity<RobotPartResource> modify(@PathVariable Integer id, @Valid @RequestBody RobotPart newRobot) {
//...
}
@DeleteMapping("/robotpart/{id}")
public ResponseEntity<RobotPart> deleteById(@PathVariable Integer id) {
//...
}
}
有什么办法吗?
答案 0 :(得分:12)
我找到了一个解决方案,在分析了http请求之后,我注意到Access-Control-Allow-Methods标头缺少DELETE方法,所以我通过删除@CrossOrigin注释并添加这个bean来添加它配置:
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/robotpart/**").allowedOrigins("*").allowedMethods("GET", "POST","PUT", "DELETE");
}
};
}