我在后端使用Spring Boot服务,在前端使用angular 6。
在春季启动中,我启用了cors使用。
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/interview/**").allowedOrigins("*");
}
我正在为每种服务使用拦截器。
在前端呼叫服务中:
headers = new Headers();
constructor(private http: Http, private logger: MLogger) {
this.headers.set("Access-Control-Allow-Origin", "*");
this.headers.set( 'Content-Type', 'application/json',);
this.headers.set( 'Accept', '*');
this.headers.set( 'sessionId', DataService.sessionId);
}
private options = new RequestOptions({ headers: this.headers});
interviewCommand: InterviewCommand;
getInterviewDetails(data: any): Promise<any> {
const serviceURL = environment.startInterviewURL;
return this.http
.post(serviceURL,data, this.options)
.toPromise()
.then(
interviewCommand => {
//doing some stuff
}
})
.catch(this.handleInterviewCommandError);
}
如果使用拦截器,我将遇到异常。不使用拦截器,我不会得到错误提示。.
无法加载http://localhost:7070/example/myservice:请求标头 字段Access-Control-Allow-Origin不允许 飞行前响应中的Access-Control-Allow-Header。
在拦截器中,我添加了以下内容:
if (request.getMethod().equals("OPTIONS")) {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Origin-Methods", "GET, POST, OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Range, Content-Disposition, Content-Description,Origin, X-Requested-With");
response.setHeader("Access-Control-Expose-Headers", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "4800");
}
答案 0 :(得分:1)
得到答案...
从您的计算机中删除了this.headers.set(“ Access-Control-Allow-Origin”,“ *”) 前端
和
在拦截器响应中添加到后端。
response.setHeader(“ Access-Control-Allow-Headers”, “授权,内容类型,内容范围,内容处置, Content-Description,Origin,X-Requested-With,sessionId“); response.setHeader(“ Access-Control-Allow-Origin”,“ *”);
When you start playing around with custom request headers you will get a CORS preflight. This is a request that uses the HTTP OPTIONS verb and includes several headers, one of which being Access-Control-Request-Headers listing the headers the client wants to include in the request.
You need to reply to that CORS preflight with the appropriate CORS headers to make this work. One of which is indeed Access-Control-Allow-Headers. That header needs to contain the same values the Access-Control-Request-Headers header contained (or more).
https://fetch.spec.whatwg.org/#http-cors-protocol explains this setup in more detail.