CORS问题使用Sencha CMD 6.5生成的App Android的POST请求(403 Forbidden)

时间:2018-02-07 11:29:46

标签: android tomcat post extjs cors

我很绝望。我正在尝试使用Sencha CMD 6.5生成应用程序Android(前端),将请求发送到Tomcat服务器(后端)。

问题是POST方法,当App在标题中发送请求时," Origin"参数设置为" file://"并且tomcat的CORS拒绝请求(Forbidden 403)。

HEADER 

Accept: */*
Accept-Encoding: gzip,deflate
Accept-Language: en-US;q=0.9
Connection: keep-aliv(e)
Content-Length: 39
Host: 192.168.1.91: 8080
Origin: file: //
Referer: -
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0(Linux;Android7.0;MI5Build/NRD90M;wv)AppleWebKit/537.36(KHTML,likeGecko)Version/4.0Chrome/64.0.3282.137MobileSafari/537.36

在web.xml中的tomcat 8.0上定义的FILTER 

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>*</param-value>
    </init-param>
     <init-param>
      <param-name>cors.allowed.methods</param-name>
      <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param> 
    <init-param>
      <param-name>cors.allowed.headers</param-name>
      <param-value>Cache-Control,Content-Language,Expires,Last-Modified,Pragma,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
    </init-param>
     <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param> 
    <init-param>
      <param-name>cors.support.credentials</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>cors.preflight.maxage</param-name>
      <param-value>10</param-value>
    </init-param>
 </filter>

 <filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

有趣的是,GET方法没有在Origin参数中设置任何内容,而Tomcat CORS接受它。

只有两种解决方案:

1.-设置参数Origin of header(我在任何论坛中都找不到任何东西,比如这个,比如senchaforum等)。

2.-修改TOMCAT 8的CORS过滤器。(我在任何论坛中都找不到任何东西,比如像senchaforum等。)

拜托,有人可以帮帮我吗?先谢谢

丹尼尔

1 个答案:

答案 0 :(得分:0)

解决方案是使用ContainerResponseFilter,而不是tomcat的过滤器。 

import javax.ws.rs.ext.Provider;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;

@Provider
public class CORSResponseFilter implements ContainerResponseFilter {

@Override
public void filter(ContainerRequestContext creq, ContainerResponseContext cres) {

    MultivaluedMap<String, Object> headers = cres.getHeaders();
    headers.add("Access-Control-Allow-Origin", "*");
    headers.add("Access-Control-Allow-Headers", "Cache-Control,Content-Language,Expires,Last-Modified,Pragma,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers");
    headers.add("Access-Control-Allow-Credentials", "false");
    headers.add("Access-Control-Allow-Methods", "GET,POST,HEAD,OPTIONS,PUT");
    //headers.add("Access-Control-Max-Age", "10");
    }

}

我已经尝试了这个,以防有人认为它可以使用原始过滤器:

<init-param>
      <param-name>cors.support.credentials</param-name>
      <param-value>false</param-value>
</init-param>

欢迎大家,我希望将来有人帮助。

丹尼尔

相关问题
最新问题