我有一个受spring安全保护的spring boot rest服务,并且有一个节点js ui试图访问此服务。呼叫在chrome浏览器中工作正常,但是从野生动物园浏览器访问ui时,出现了CORS错误。
Failed to load resource: Origin http://checkout-test.com is not allowed by Access-Control-Allow-Origin.
尝试将Spring Security Cors过滤器中允许的标头配置从*更改为值的特定列表,例如来源,接受等
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(ImmutableList.of("http://checkout-test.com"));
configuration.setAllowedMethods(ImmutableList.of("GET", "POST", "OPTIONS"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(ImmutableList.of("*"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
http
.cors().and()
.antMatcher("/**")
.authorizeRequests()
.antMatchers(AUTH_WHITELIST)
.permitAll()
.anyRequest()
.authenticated()
.and()
.csrf().disable();