I am using Spring 2.0.1, and this is my SecurityWebFilterChain:
    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        return http
            // Demonstrate that method security works
            // Best practice to use both for defense in depth
            .authorizeExchange()
                .anyExchange().permitAll()
                .and()
            .httpBasic().and()
            .build();
    }
This is the CORS configuration:
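    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.reactive.config.CorsRegistry;
    import org.springframework.web.reactive.config.EnableWebFlux;
    import org.springframework.web.reactive.config.WebFluxConfigurer;

    @Configuration
    @EnableWebFlux
    public class WebConfig implements WebFluxConfigurer {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            // These constants are declared but not used by the mapping below.
            final String ALLOWED_HEADERS = "x-requested-with, authorization, "
                    + "Content-Type, Authorization, credential, X-XSRF-TOKEN";
            final String ALLOWED_METHODS = "GET, PUT, POST, DELETE, OPTIONS";
            final String ALLOWED_ORIGIN = "http://192.168.18.124:8888";
            final long MAX_AGE = 3600;
            // CORS mapping for the report endpoints: one origin, PUT and GET only.
            registry.addMapping("/report/**")
                    .allowedOrigins(ALLOWED_ORIGIN)
                    .allowedMethods("PUT", "GET")
                    .allowedHeaders("x-requested-with", "authorization",
                            "Content-Type", "Authorization", "credential", "X-XSRF-TOKEN")
                    .allowCredentials(true).maxAge(3600);
        }
    }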
My ajax code:
    var data = {};
    $.ajax({
        type: 'GET',
        async: false,
        url: 'http://192.168.18.135:8765/report/summaries/date/2017-06-12',
        dataType: 'json',
        data: data,
        crossDomain: true,
        crossOrigin: true,
        beforeSend: function (xhr) {
            xhr.withCredentials = true;
            xhr.setRequestHeader('Authorization', 'Basic ' + "xxxxx");
        },
        success: function (responseData) {
            console.log('-----------------response-------------------');
            console.log(responseData);
            console.log('-----------------response-------------------');
            response = responseData;
        },
        error: function (responseData) {
            response.error = responseData;
        }
    });
    return response;
    });
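Error response from the server:
http://192.168.18.135:8765/report/summaries/date/2017-06-12. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.18.124:8888' is therefore not allowed access. The response had HTTP status code 500.
If I remove
    xhr.setRequestHeader('Authorization', 'Basic ' + "xxxxx");
it returns 401 Unauthorized.
Is it possible to do cross-origin + basic authorization?
Answer 0: (score: 0)
This is my CORS configuration. Create a new class WebConfig and declare a Bean like this: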
    @Configuration
    public class WebConfig {
        @Bean
        public WebMvcConfigurer corsConfigurer() {
            return new WebMvcConfigurerAdapter() {
                @Override
                public void addCorsMappings(CorsRegistry registry) {
                    registry.addMapping("/**")
                            .allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH");
                }
            };
        }
    }
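
An added example (not part of the question or the answer above): a simplified JavaScript model of the checks a browser applies to a CORS preflight response, run against the request from the question. The response objects are constructed samples, and the function and field names are illustrative.

```javascript
// Added example: simplified browser-side CORS checks from the Fetch standard.
// Response header names are lowercase keys; all sample responses are constructed.
const SAFELISTED_METHODS = ['get', 'head', 'post'];
const list = v => (v || '').split(',').map(s => s.trim().toLowerCase()).filter(Boolean);

// Applied to every cross-origin response, preflight and actual.
function corsCheck(req, res) {
  const allowOrigin = res.headers['access-control-allow-origin'];
  if (allowOrigin === undefined) return 'missing Access-Control-Allow-Origin';
  if (!req.withCredentials && allowOrigin === '*') return 'ok';
  if (allowOrigin !== req.origin) return 'origin mismatch';
  if (req.withCredentials && res.headers['access-control-allow-credentials'] !== 'true')
    return 'credentials not allowed';
  return 'ok';
}

// Applied to the OPTIONS preflight, which the browser sends without credentials.
function preflightCheck(req, res) {
  const base = corsCheck(req, res);
  if (base !== 'ok') return base;
  if (res.status < 200 || res.status > 299) return 'preflight status ' + res.status;
  const methods = list(res.headers['access-control-allow-methods']);
  const headers = list(res.headers['access-control-allow-headers']);
  const wildcard = l => !req.withCredentials && l.includes('*');
  const method = req.method.toLowerCase();
  if (!SAFELISTED_METHODS.includes(method) && !methods.includes(method) && !wildcard(methods))
    return 'method not allowed';
  for (const h of req.unsafeHeaders.map(x => x.toLowerCase())) {
    if (headers.includes(h)) continue;
    // "*" never covers Authorization; it must be listed by name.
    if (h !== 'authorization' && wildcard(headers)) continue;
    return 'header not allowed: ' + h;
  }
  return 'ok';
}

// The request from the question: GET with an Authorization header and credentials.
const request = { origin: 'http://192.168.18.124:8888', method: 'GET',
                  withCredentials: true, unsafeHeaders: ['Authorization'] };
const explicit = { status: 200, headers: {
  'access-control-allow-origin': 'http://192.168.18.124:8888',
  'access-control-allow-credentials': 'true',
  'access-control-allow-methods': 'PUT,GET',
  'access-control-allow-headers': 'x-requested-with, authorization, Content-Type' } };
const bare500 = { status: 500, headers: {} };  // error response with no CORS headers
const star = { status: 200, headers: { 'access-control-allow-origin': '*',
  'access-control-allow-headers': '*' } };
for (const [name, res] of Object.entries({ explicit, bare500, star }))
  console.log(name, '->', preflightCheck(request, res));
```

The `bare500` case reproduces the browser message quoted in the question: any response that carries no CORS headers fails the check, whatever its status code.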