来自CORS请求的响应标头中没有“ set-cookie”

时间:2019-10-02 11:04:16

标签: spring-boot spring-security cors

我要在s3上托管我的静态页面,并在弹性beantalk上托管我的spring boot申请

Spring boot cors config:

@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurer() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**").allowedOrigins("http://*******.s3-ap-southeast-2.amazonaws.com")
            .allowCredentials(true);
        }
    };
}

Spring安全配置:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors().and()
            .csrf().disable()
            .exceptionHandling()
            .authenticationEntryPoint(restAuthenticationEntryPoint)
            .and()
            .authorizeRequests()
            .antMatchers("/view/**").authenticated()
            .antMatchers("/form/**").hasRole("VENUE")
            .and()
            .formLogin()
            .successHandler(customizeAuthenticationSuccessHandler)
            .and()
            .logout();
}

我试图在我的静态html页面中调用此函数

function applicantLogin() {
    let xhr = new XMLHttpRequest();
    xhr.open("POST", "http://**********.ap-southeast-2.elasticbeanstalk.com:8080/login", false);
    xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    xhr.setRequestHeader('Access-Control-Allow-Origin', 'http://**********.ap-southeast-2.elasticbeanstalk.com');
    xhr.withCredentials=true;
    xhr.send('username=user&password=userPass');
    xhr.onload = function () {
        if (xhr.status === 200) {
            console.log(xhr.response)
            alert('login success');
        } else {
            alert('login unsuccessful');
        }
    }
}

响应是 enter image description here

我无法访问任何需要身份验证的资源

但是当我使用邮递员测试api时,一切似乎都正常工作

0 个答案:

没有答案
相关问题
最新问题