由于CORS配置,我的tomcat服务器出现问题。 我用CORS解决了以前的问题,但是现在我有一个HTTP错误代码403。
POST http://192.168.1.3:8080/profil-skype/authenticate 403
响应头:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:8080
Access-Control-Expose-Headers: x-auth-token, authorization, Authorization, count
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Type: text/plain
Date: Sat, 17 Oct 2020 16:33:08 GMT
Expires: 0
Keep-Alive: timeout=20
Pragma: no-cache
Transfer-Encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Tomcat,web.xml:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
从安全配置中提取:
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("http://localhost:4200", "http://localhost:8080",
"http://192.168.1.3:8080"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token","Authorization","count"));
configuration.setExposedHeaders(Arrays.asList("x-auth-token", "authorization","Authorization", "count"));
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
在Angular开发过程中,我毫无疑问地称为后端。 我认为,我必须自定义tomcat服务器,但我不知道...
非常感谢您。
编辑:
为什么CORS存在问题? 当主机和服务器相同时,我没有更多错误。 我以前对CORS的问题:
Access to XMLHttpRequest at xxxx
from origin 'http://localhost:8000' has been blocked by CORS policy:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
我忘记在CORS配置中设置“允许来源”。