Spring Boot-无法配置CORS选项策略

时间:2019-03-24 20:58:07

标签: spring-boot cors

我有一个Spring Boot rest api服务器,我正在尝试通过Vue.js应用程序连接到它

这是我配置Spring Boot Security的方式

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Override
    protected void configure(HttpSecurity http) throws Exception {

      http.

    .....

    .cors()

  }

     @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("/**"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
        configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
        configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

当我尝试从客户端访问授权令牌时,在OPTIONS请求上出现403错误,并显示此错误

Access to XMLHttpRequest at 'http://localhost:8081/oauth/token' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

我不知道还应该设置什么

1 个答案:

答案 0 :(得分:0)

您肯定应该在"*"中使用"/**"而不是setAllowedOrigins

配置CORS AFAIK的正确方法是:

@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("*")
                .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
                .allowedHeaders("authorization", "content-type", "x-auth-token")
                .exposedHeaders("x-auth-token");
    }
}

另请参阅CorsRegistration javadocSetting up CORS in Spring Boot tutorial