Question

我正在尝试在jasperserver中启用CORS策略。

我正在使用angular HTTPClient调用来自jasperserver的API。

到目前为止，我已经尝试过。

修改apache-tomcat apache-tomcat \ conf \ web.xml文件并添加以下代码。

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern> /* </url-pattern>
</filter-mapping>

来自apache-tomcat网站。

还尝试修改jasperserver \ WEB-INF \ Web.xml文件并在下面添加代码

<filter>
<filter-name>CorsFilter2</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

仍然没有运气并遇到此错误。

Answer 1

在为此奋斗了几个小时之后，我想通了。

您必须完全禁用Jasper内置的CorsFilter，并在雄猫的/webapps/jasperserver/WEB-INF/web.xml中添加/映射自己的过滤器。全局tomcat web.xml不需要干预。

<!-- Comment the built-in filter out.
    <filter>
       <filter-name>CorsFilter</filter-name>
       <filter-class>com.jaspersoft.jasperserver.api.security.csrf.CorsFilter</filter-class>
    </filter>
    -->

    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowed.origins</param-name>
            <!-- Tomcat 8.5+ doesn't allow '*' any longer in conjuction with 'cors.support.credentials' set to true.
             Instead, a specific comma separated list has to be set here. See https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 -->
            <param-value>http://localhost:9000</param-value>
        </init-param>
        <init-param>
            <param-name>cors.allowed.methods</param-name>
            <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
        </init-param>
        <init-param>
            <param-name>cors.allowed.headers</param-name>
            <!--- If requests contain an authorization header, it has to be added here as well -->
            <param-value>
                Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-Remote-Domain,Authorization
            </param-value>
        </init-param>
        <init-param>
            <param-name>cors.exposed.headers</param-name>
            <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
        </init-param>
        <init-param>
            <param-name>cors.support.credentials</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>cors.preflight.maxage</param-name>
            <param-value>10</param-value>
        </init-param>
    </filter>                
        .......

        <!-- Ensure your newly introduced mapping is first in line -->
            <filter-mapping>
                <filter-name>CorsFilter</filter-name>
                <url-pattern>/*</url-pattern>
            </filter-mapping>

        <!-- Also comment out any existing mappings for the built-in filter -->
        <!--
          <filter-mapping>
              <filter-name>CorsFilter</filter-name>
              <url-pattern>*.woff</url-pattern>
          </filter-mapping>
          <filter-mapping>
              <filter-name>CorsFilter</filter-name>
              <url-pattern>*.ttf</url-pattern>
          </filter-mapping>
          <filter-mapping>
              <filter-name>CorsFilter</filter-name>
              <url-pattern>*.svg</url-pattern>
          </filter-mapping>
          <filter-mapping>
              <filter-name>CorsFilter</filter-name>
              <url-pattern>*.eot</url-pattern>
          </filter-mapping>
        -->

JasperServer被CORS策略阻止：否'Access-Control-Allow-Origin'

1 个答案: