我尝试发布包含数据的字典以进行预订。但是Chrome记录了以下错误:Access to XMLHttpRequest at 'http://localhost:8080/reservations' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
这很奇怪,因为我可以发布图像,视频,html内容,因为我在控制器上放置了@CrossOrigin注释。但是对于这个特定的帖子请求,它似乎不起作用。
休息控制器:
@CrossOrigin(origins="http://localhost:4200",
maxAge=2000,allowedHeaders="header1,header2",
exposedHeaders="header1",allowCredentials= "false")
@RestController
public class ReservationsController {
private ReservationDao dao;
@Autowired
public ReservationsController(ReservationDao dao) {
this.dao = dao;
}
@PostMapping("/reservations")
public Map<String, String> bookReservation(@RequestBody Map<String, String> reservation) {
System.out.println(reservation);
return null;
}
}
角形api book的预订方法:
bookReservation(data) {
console.log(data);
const result = this.http.post(this.apiUrl + 'reservations', data).subscribe(
(val) => {
console.log('POST call succesful value returned in body',
val);
},
response => {
console.log('POST call in error', response);
},
() => {
console.log('The POST observable is now completed');
});
console.log(result);
}
答案 0 :(得分:1)
如果仅设置allowedHeaders,则将允许该参数;如果接收到其他参数,则它永远不会发送跨源标头,而chrome将抛出错误。
如果不需要它们,则应删除allowedHeaders,暴露的Headers和allowCredentials。