我已经浏览了所有与cors相关的答案。我还没有找到解决我问题的实际方法。任何帮助将不胜感激。
我有一个有角度的应用程序,正在从中调用Java Web的api。 Tomcat服务器中的应用程序。
如果通过添加此CorsFilter删除了web.xml中的所有安全约束,则可以从angular应用程序发出GET请求。
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Accept,Accept-Encoding,Accept-Language,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,Connection,Content-Type,Host,Origin,Referer,Token-Id,User-Agent, X-Requested-With</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
但是,当我添加安全约束时,
<security-constraint>
<web-resource-collection>
<web-resource-name>secure</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>PLATFORM Users</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>My Realm</realm-name>
</login-config>
<security-role>
<description>The role that is required to log in pages.</description>
<role-name>PLATFORM Users</role-name>
</security-role>
它为OPTIONS请求提供200,为GET请求禁止403。
此行为的原因是什么?
Ps。我正在从localhost:4200调用Java应用程序