CORS政策:所请求的资源Spring Boot Rest API中没有“ Access-Control-Allow-Origin”标头

时间:2018-11-23 07:33:03

标签: java spring-boot cors

大家好,             当外部客户端尝试使用我的以下api“ http://host_details/processdocument”(类型为 multipartformdata ,但除此以外的所有其他API )时,出现以下错误日志详细信息中所示的错误>可以正常运行,类型为application / Json 。 因此,请指导我找出我在CORS config中所做的错误。 代码和错误详细信息如下:

在浏览器中看到的错误日志:            已从来源“ http://host_details/processdocument”访问“ http://caller_host:4212”处的XMLHttpRequest  被CORS策略阻止:请求的资源上没有“ Access-Control-Allow-Origin”标头。

我正在使用带有以下CORS Config的基于Spring Boot的应用程序:

1] CORS Config详细信息: 

@Component
public class SimpleCORSFilter implements Filter {

private final Logger log = LoggerFactory.getLogger(SimpleCORSFilter.class);

public SimpleCORSFilter() {
    log.info("SimpleCORSFilter init");
}

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    log.info(request.getHeader("Origin"));
    response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "36000");
    response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");

    chain.doFilter(req, res);
}

@Override
public void init(FilterConfig filterConfig) {
}

@Override
public void destroy() {
}

}

2] Rest API Controller类: 

@RequestMapping(value=URLConstants.PROCESS_FILE_FOR_OCR,method=RequestMethod.POST,headers = {"content-type=multipart/mixed","content-type=multipart/form-data"})
    private ResponseEntity<Map<String, Object>> processVisa(
            @RequestPart(value = "file",required=true)  MultipartFile file,
            @RequestPart(value = "applicationId",required=true) String applicationId,
            @RequestPart(value = "fileCategory",required=true) String fileCategory)
    {
        //// implemntation here

    }

3]在API控制台中找到请求标头:

Now Multipart
   Request URL: 
http://host_detailas/processdocument
Request Method: 
POST
Status Code: 
500 
Remote Address: 
Remote_address_Url:82
Referrer Policy: 
no-referrer-when-downgrade


Request Headers
Provisional headers are shown
Accept: 
application/json, text/plain, */*
Content-Type: 
multipart/form-data
Origin: 
http://localhost:4222
Referer: 
http://localhost:4222/
User-Agent: 
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/URL Safari/537.36
Request Payload
------WebKitFormBoundaryCljOAWzb4HGBWil4 Content-Disposition: form-data; name="file"; filename="aadharcard.jpg" Content-Type: image/jpeg ------WebKitFormBoundaryCljOAWzb4HGBWil4 Content-Disposition: form-data; name="EmiratesId" Passport ------WebKitFormBoundaryCljOAWzb4HGBWil4 Content-Disposition: form-data; name="applicationId" 123 ------WebKitFormBoundaryCljOAWzb4HGBWil4--
Name

processdocument

1 个答案:

答案 0 :(得分:0)

这是cors选项方法的问题。您需要授予访问选项方法,请尝试在安全性上进行尝试

public class CustomSecurity extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception { 

      http.csrf()
        .disable()
        .authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll() ....

}
}
相关问题
最新问题