Jetty Cross Origin过滤器

时间:2011-11-28 22:17:35

标签: java ajax cross-domain jetty cors

我配置了Jetty的跨源过滤器,但我仍然遇到以下错误。有谁知道什么是错的以及如何解决它?错误消息下面是我的覆盖描述符(即补充web.xml)

错误:

Origin http://localhost:8090 is not allowed by Access-Control-Allow-Origin.

覆盖描述符:

<!DOCTYPE web-app PUBLIC
 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd" >

<web-app>
 <filter>
   <filter-name>cross-origin</filter-name>
   <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
   <init-param>
       <param-name>allowedOrigins</param-name>
       <param-value>*</param-value>
   </init-param>
   <init-param>
       <param-name>allowedMethods</param-name>
       <param-value>*</param-value>
   </init-param>
   <init-param>
       <param-name>allowedHeaders</param-name>
       <param-value>*</param-value>
   </init-param>
 </filter>
 <filter-mapping>
     <filter-name>cross-origin</filter-name>
     <filter-pattern>/*</filter-pattern>
 </filter-mapping>
</web-app>

请求标题

Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:Origin, Content-Type, Accept
Access-Control-Request-Method:POST
Connection:keep-alive
Host:localhost:8080
Origin:http://localhost:8090
Referer:http://localhost:8090/home
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.8 (KHTML, like Gecko) Chrome/17.0.942.0

响应标题

Allow:POST,GET,OPTIONS,HEAD
Content-Length:0
Date:Wed, 30 Nov 2011 02:13:21 GMT
Server:Jetty(7.5.4.v20111024)

5 个答案:

答案 0 :(得分:25)

阿罗哈,

我也争吵了一段时间,发现最后一个节点需要:

<filter-mapping>
    <filter-name>cross-origin</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

不是

<filter-mapping>
     <filter-name>cross-origin</filter-name>
     <filter-pattern>/*</filter-pattern>
</filter-mapping>

以下是我发现的帮助我的链接:wiki.eclipse.org/Jetty/Feature/Cross_Origin_Filter

在我更新了我的web.xml文件并重新启动了jetty服务器之后,我能够使用jQuery ajax调用来发出跨域请求。

罗布

答案 1 :(得分:12)

在对部署到GAE的网络应用进行跨域调用时遇到了这个问题。您可以为Servlet响应添加显式标头,例如:

public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException 
{
    res.addHeader("Access-Control-Allow-Origin", "*");
    ...
}

并确保在WAR的根目录中有一个crossdomain.xml策略文件,例如:

<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*"/>
</cross-domain-policy> 

HTH。

答案 2 :(得分:6)

我在Jetty Web Server中遇到与ActiveMQ Ajax相同的问题。我的问题是,允许的标头字段不接受“*”形式的通配符。

为了让ActiveMQ Ajax工作,我还必须将“选项”方法添加到allowedMethods。

来自web.xml的跨源过滤器:

<filter>
   <filter-name>cross-origin</filter-name>
   <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
   <init-param>
       <param-name>allowedOrigins</param-name>
       <param-value>*</param-value>
   </init-param>
   <init-param>
       <param-name>allowedMethods</param-name>
       <param-value>GET,POST,OPTIONS,DELETE,PUT,HEAD</param-value>
   </init-param>
   <init-param>
       <param-name>allowedHeaders</param-name>
       <param-value>origin, content-type, accept, authorization</param-value>
   </init-param>
 </filter>
 <filter-mapping>
     <filter-name>cross-origin</filter-name>
     <url-pattern>*</url-pattern>
 </filter-mapping>

答案 3 :(得分:4)

对于我(jetty-version 8.1.5.v20120716),只有'web.xml'中的这些行有助于:

<filter>
    <filter-name>cross-origin</filter-name>
    <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
    <init-param>
        <param-name>allowedOrigins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>allowedMethods</param-name>
        <param-value>GET,POST,DELETE,PUT,HEAD</param-value>
    </init-param>
    <init-param>
        <param-name>allowedHeaders</param-name>
        <param-value>origin, content-type, accept</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>cross-origin</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

我将日志级别更改为DEBUG并从jetty控制台日志获取信息(如'GET,POST,DELETE,PUT,HEAD'和'origin,content-type,accept')。 E.g:

DEBUG CrossOriginFilter:359 - 方法DELETE是允许的方法之一[GET,POST,DELETE,PUT,HEAD] 19:14:28413

DEBUG CrossOriginFilter:389 - 标题[origin,content-type,accept]不在允许的标题中[*]

然后我用$ .ajax检查结果({url:'anotherHost',输入:'DELETE',..})

答案 4 :(得分:2)

在浪费了我很多时间之后刚刚打开了一个错误报告:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=384847

还要注意,参数值中的通配符大多不受支持。 (即允许的标题)