我一直在研究Spring应用程序并配置了CORS。它就像localhost上的魅力一样,但当我尝试在Heroku上访问我的服务器时(来自AngularJS应用程序),我有错误:
CORS标头中缺少令牌'授权' 来自CORS预检频道的“Access-Control-Allow-Headers”
当我查看服务器响应时,我有来自localhost和Heroku的不同标题。
Host ###
User-Agent Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/56.0
Accept text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Language fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding gzip, deflate
Access-Control-Request-Method GET
Access-Control-Request-Headers authorization
Origin null
Connection keep-alive
X-Content-Type-Options nosniff
X-XSS-Protection 1; mode=block
Cache-Control no-cache, no-store, max-age=0, must-revalidate
Pragma no-cache
Expires 0
X-Frame-Options DENY
Access-Control-Allow-Origin null
Vary Origin
Access-Control-Allow-Methods HEAD,GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Headers authorization
Access-Control-Allow-Credentials true
Content-Length 0
Date Fri, 13 Oct 2017 09:10:56 GMT
Server Cowboy
Connection keep-alive
Access-Control-Allow-Origin *
Access-Control-Allow-Methods GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers origin, content-type, accept, x-req
Allow GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Content-Length 0
Date Fri, 13 Oct 2017 09:21:17 GMT
Via 1.1 vegur
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "OPTIONS"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
我不明白为什么Heroku的响应与我的配置有所不同(虽然我是关于所有配置的noob)。我已经看过Express / NodeJs的解决方案,但是Spring应用程序没有...