我从这个头文件中期望的是:浏览器仅发送一个options pre-flight request来表示每个资源的最长使用期限。
但是,我尝试使用的每个浏览器都会继续发送options pre-flight request用于每个请求,甚至包括之前发送的请求。
我尝试禁用no-cache header,但没有任何改变。我在下方共享了cors config代码。顺便说一句,我的spring boot没有为https / ssl配置 ,但是域和前端反应应用是,这可能是问题所在吗?
@Bean
public WebMvcConfigurer corsConfigurer(){
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedHeaders("*")
.allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
.allowCredentials(true)
.allowedOrigins(ALLOWED_ORIGINS)
.exposedHeaders(AuthorizationController.AUTHENTICATION_KEY_NAME,
RequestInterceptor.FAILURE_REASON_HEADER_KEY_NAME,
RequestInterceptor.CONTENT_DISPOSITION_HEADER_KEY_NAME)
.maxAge(36000);
}
};
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList(ALLOWED_ORIGINS));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Collections.singletonList("*"));
configuration.setExposedHeaders(Arrays.asList(AuthorizationController.AUTHENTICATION_HEADER_NAME,
RequestInterceptor.ERROR_DESCRIPTION_HEADER_KEY_NAME,
RequestInterceptor.CONTENT_DISPOSITION_HEADER_KEY_NAME));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
我还向OncePerRequestFilter中的每个请求添加了以下标头。
httpServletResponse.setHeader("Access-Control-Max-Age","36000");
httpServletResponse.setHeader("Access-Control-Allow-Origin",ALLOWED_ORIGINS);
httpServletResponse.setHeader("Access-Control-Allow-Headers","*");
httpServletResponse.setHeader("Access-Control-Allow-Methods","GET, PUT, POST, DELETE, HEAD, OPTIONS");
httpServletResponse.setHeader("Cache-Control","no-cache, no-store, max-age=36000")
答案 0 :(得分:0)
您需要将要访问其后端的域/主机列入白名单/