I am trying to configure CORS on a Spring Boot application. I added the CrossOrigin annotation to my controller class.
@CrossOrigin
@RestController
@RequestMapping("api/user")
public class UserApiController {
...
}
When I run it on my local machine, I get these response headers for an OPTIONS request:
Access-Control-Allow-Credentials →true
Access-Control-Allow-Methods →GET
Access-Control-Allow-Origin →http://www.test.be
Access-Control-Max-Age →1800
Allow →GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Cache-Control →no-cache, no-store, max-age=0, must-revalidate
Content-Length →0
Date →Wed, 28 Mar 2018 09:13:33 GMT
Expires →0
Pragma →no-cache
Vary →Origin
X-Content-Type-Options →nosniff
X-Frame-Options →DENY
X-XSS-Protection →1; mode=block
I deployed this application on a Tomcat server, behind an Apache2 server running on Linux. When I make the same request there, I get:
Allow →GET,HEAD
Cache-Control →no-cache, no-store, max-age=0, must-revalidate
Connection →Keep-Alive
Date →Wed, 28 Mar 2018 09:42:42 GMT
Expires →0
Keep-Alive →timeout=5, max=100
Pragma →no-cache
Server →Apache/2.4.18 (Ubuntu)
Transfer-Encoding →chunked
X-Content-Type-Options →nosniff
X-Frame-Options →DENY
X-XSS-Protection →1; mode=block
This is how I configured Apache2 to proxy Tomcat:
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
#
ProxyRequests Off
ProxyPreserveHost On
#
#
ProxyPass /app http://localhost:8080/my_app
ProxyPassReverse /app http://localhost:8080/my_app
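Both requests return a 200 OK status code, but on the server version I do not get the Access-Control-Allow headers. In the Allow header I see only GET,HEAD. Why does Apache2 not allow OPTIONS? How can I fix this?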
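
Added example, not part of the original post: a small Python check that parses header dumps in the format shown above and reports whether each one is a usable CORS preflight response. The header lines are a subset of the two dumps in the post; the request Origin and the methods passed in are assumptions.

```python
# Added example (not from the post): audit a captured OPTIONS response.
# Header lines are a subset of the two dumps in the post; the request Origin
# and the methods passed to audit_preflight() are assumptions.
LOCAL = """\
Access-Control-Allow-Credentials →true
Access-Control-Allow-Methods →GET
Access-Control-Allow-Origin →http://www.test.be
Allow →GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Vary →Origin
"""
PROXIED = """\
Allow →GET,HEAD
Server →Apache/2.4.18 (Ubuntu)
X-Frame-Options →DENY
"""
SAFELISTED = {"GET", "HEAD", "POST"}  # browsers allow these without listing


def parse_headers(dump):
    """Parse 'Name →value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in dump.splitlines():
        name, sep, value = line.partition("→")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_preflight(headers, origin, method):
    """Return findings that make this response unusable as a CORS preflight."""
    allow_origin = headers.get("access-control-allow-origin")
    if allow_origin is None:
        return ["no Access-Control-Allow-Origin header: not a CORS response"]
    findings = []
    if allow_origin == "*":
        if headers.get("access-control-allow-credentials") == "true":
            findings.append("wildcard origin cannot be combined with credentials")
    elif allow_origin != origin:
        findings.append("Access-Control-Allow-Origin does not match " + origin)
    elif "origin" not in headers.get("vary", "").lower():
        findings.append("origin-specific response lacks Vary: Origin")
    listed = headers.get("access-control-allow-methods", "")
    allowed = {m.strip().upper() for m in listed.split(",") if m.strip()}
    if method.upper() not in SAFELISTED | allowed:
        findings.append(method + " not listed in Access-Control-Allow-Methods")
    return findings


if __name__ == "__main__":
    for label, dump in (("local", LOCAL), ("proxied", PROXIED)):
        print(label, audit_preflight(parse_headers(dump), "http://www.test.be", "GET"))
```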