在我的春季启动应用程序中,我有一个自定义过滤器,用于设置与cors相关的标题。这在localhost上完美运行,我的请求正在通过我的自定义过滤器并填写标题。 但是,当我将我的应用程序部署到服务器时,我收到一个错误,并且预检请求似乎没有调用我的自定义过滤器。
这是我的过滤器
@Component
public class CustomAllowAllCorsFilter implements Filter {
final private static Logger logger = LoggerFactory.getLogger(CustomAllowAllCorsFilter.class);
private boolean allowAllOrigins;
public CustomAllowAllCorsFilter() {
logger.info("init filter corsssss");
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
throws IOException, ServletException {
logger.info("doFilter - allowAllOrigins: " + allowAllOrigins);
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (allowAllOrigins) {
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers",
"Authorization, Content-Type, Accept, X-Requested-With, remember-me, OCTO-Security-Type, OCTO-Security-Name, OCTO-Security-Token, OCTO-Security-Business");
}
if (request.getMethod().equals("OPTIONS"))
response.setStatus(HttpServletResponse.SC_OK);
else
filterChain.doFilter(request, response);
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
@Value("${cors.allow-all-origins}")
public void setAllowAllOrigins(boolean allowAllOrigins) {
this.allowAllOrigins = allowAllOrigins;
}
}
这就是错误:
Failed to load http://xyz:8080/app/invoices: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://xii.com' is therefore not allowed access.
有人有想法吗?