我们的前端(Angular 6,http://localhost:4200)调用后端(SpringBoot,http://localhost:8080)面临以下问题:
CORS策略已阻止从来源“ http://localhost:8080/typesorganisme”访问“ http://localhost:4200”处的XMLHttpRequest:请求的资源上没有“ Access-Control-Allow-Origin”标头。
我们正在使用Keycloak,并且被阻止的URL被保护了。
已为Keycloak服务器设置了以下属性:
(我们还尝试在Web Origins中添加“ *”,但没有结果)
通常,后端中的此过滤器会将以下CORS属性添加到标头中:
@Override
public void doFilter(final ServletRequest theServletRequest, final ServletResponse theServletResponse, final FilterChain theFilterChain) throws IOException, ServletException
{
final HttpServletResponse response = (HttpServletResponse) theServletResponse;
final HttpServletRequest request = (HttpServletRequest) theServletRequest;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "180");
response.setHeader("Access-Control-Expose-Headers", "X-Total-Count");
theFilterChain.doFilter(theServletRequest, theServletResponse);
}
您有什么想法要解决吗?
更新
更改后端的cors过滤器后,现在可以正确暴露Access-Control-Allow-Origin,但是我的请求面临无限重定向循环:
导致此浏览器错误:
无法加载资源:net :: ERR_TOO_MANY_REDIRECTS
