我正在尝试将Spring Boot从1.3.8.RELEASE升级到1.4.0.RELEASE
升级后,Set-Cookie标头不会传递给浏览器
@RequestMapping(method = RequestMethod.POST)
public HttpEntity<Result> postRequest( @RequestBody RequestObject r ){
Result body = getBody(r);
HttpHeader header = getHeader(); //contains Set-Cookie
return new ResponseEntity(body,header,Httpstatus.OK)
}
我阅读了一下,发现这个替代解决方案有效,但需要更换控制器:
@RequestMapping(method = RequestMethod.POST)
public HttpEntity<Result> postRequest( @RequestBody RequestObject r, HttpServletResponse httpResponse ){
Result body = getBody(r);
HttpHeader header = getHeader(); //contains Set-Cookie foo=bar
response.addCookie(new Cookie("foo", "bar"));
return new ResponseEntity(body,header,Httpstatus.OK)
}
但是,控制器很多,我不想改变每个控制器。我不知道较新的Spring Boot中是否有新的安全功能,因此我可以关闭/打开以使旧代码在整个项目中都能正常工作?
我真的不想更换500个以上的控制器...
注意:其他不是Set-Cookie的标头会通过。
答案 0 :(得分:0)
您可以尝试将“ set-cookie”标头添加到公开标头列表中,浏览器应该可以访问该标头。
示例-
HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.setHeader({your header name}, {value of header}); //set your header
//add the header names you want to expose to a list
List<String> allowedHeaders = new ArrayList<>();
allowedHeaders.add({your header name});
//add the list of headers to be exposed to the Access-Control-Expose-Headers header
responseHeaders.put("Access-Control-Expose-Headers", allowedHeaders);