devbox
笔触狂放9
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

SpringBoot3 CORS跨域访问

作者:笔触狂放9 | 2024-04-20 18:42:48

springboot3 cors

目录

Credentials

​编辑

问题一

问题二

问题三

解决方法一 CrossOrigin,最优的方法

 解决方法二 通过Filter 设置HTTP

解决方法三 通过实现WebMvcConfigurer设置HTTP

解决方法四 通过CorsFilter

Access-Control-Allow-Headers authorization 问题

解决办法,服务器添加authorization

HTTP 协议,需要认真的学习每个细节。

allowCredentials(true)  和 allowed-origins: "*" 不能同时配置

allowCredentials(true)  和 allowed-origins: "http://127.0.0.1:5500" 匹配

Credentials

Credentials告诉brower 带上Cookie信息,这时Allow-Origin不能是wildcard(*)。

因为* 可能造成网站的不安全,不会把Cookie给任何请求,所以Allow-Origin必须有值。

Credentials=false时,Set-Cookie不会生效。

问题一

No 'Access-Control-Allow-Origin',此错误信息不准确,配置的信息里任何一项有错误,都会报如下信息。如果addmapping("/rest")会报这个错误,准确的是addmapping("/rest/**")。

Access to fetch at 'http://localhost:8888/rest/order/1' from origin 'http://127.0.0.1:5500' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

问题二

"When allowCredentials is true, allowedOrigins cannot contain the special value \"*\" since that cannot be set on the \"Access-Control-Allow-Origin\" response header. To allow credentials to a set of origins, list them explicitly or consider using \"allowedOriginPatterns\" instead."

 //.allowCredentials(true)

  1. 	@Override
  2. 	public void addCorsMappings(CorsRegistry registry) {
  3. 		
  4. 		registry.addMapping("/**")
  5.         .allowedOrigins("http://localhost:5500")
  6.         //.allowCredentials(true)
  7.         .allowedMethods(yml.WEB_CORS_ALLOWED_METHODS)
  8.         .maxAge(yml.WEB_CORS_MAX_AGE)
  9.         .allowedHeaders(yml.WEB_CORS_EXPOSED_HEADERS)
  10.         .exposedHeaders(yml.WEB_CORS_EXPOSED_HEADERS);		
  11. 		WebMvcConfigurer.super.addCorsMappings(registry);
  12. 	}

问题三

请求过程中出现异常,导致没有正常的返回,Response的Header没有数据,也会出现CORS,

需要让请求正常返回。 

解决方法一 CrossOrigin,最优的方法

最简单实现跨域访问的方法是通过注释@CrossOrigin。

  1. 	@CrossOrigin
  2. 	@GetMapping("/order/{id}")
  3. 	public OrderVO getOrder(@PathVariable("id") Long id,
  4. 							HttpServletRequest request,
  5. 							HttpServletResponse response) {
  6. }

 解决方法二 通过Filter 设置HTTP

  1. @Component
  2. public class WebCommonFilter implements Filter{
  3.  
  4. 	/**
  5. 	 *  handle CORS question by {@link HttpServletRequest} 
  6. & {@link HttpServletResponse} ,
  7. 	 *  This method can resolve any CORS by setting 
  8. Access-Control-Allow-Origin = true 
  9. 	 *  or Access-Control-Allow-Origin = req.getHeader("Origin").
  10. 	 */
  11. 	@Override
  12. 	public void doFilter(ServletRequest request, 
  13. 						ServletResponse response, 
  14. 						FilterChain chain)throws IOException, ServletException {
  15. 		
  16. 	        HttpServletRequest req = (HttpServletRequest) request;
  17. 	        String curOrigin = req.getHeader("Origin");
  18. 	        HttpServletResponse res = (HttpServletResponse) response;
  19. 	        res.setHeader("Access-Control-Allow-Origin", 
  20.             curOrigin == null ? "true" : curOrigin);
  21. 	        res.setHeader("Access-Control-Allow-Credentials", "true");
  22. 	        res.setHeader("Access-Control-Allow-Methods", "POST, 
  23.             GET, OPTIONS, DELETE, HEAD");
  24. 	        res.setHeader("Access-Control-Max-Age", "3600");
  25. 	        res.setHeader("Access-Control-Allow-Headers", 
  26.             "access-control-allow-origin, x-custom-header,authority, 
  27.             content-type, version-info, X-Requested-With");
  28. 	        res.setContentType("application/json;charset=UTF-8");
  29. 	        chain.doFilter(req, res);
  30. 	}
  31. }

解决方法三 通过实现WebMvcConfigurer设置HTTP

最灵活的实现方式,推荐在项目中使用这种方式。

  1. @Configuration
  2. public class WebBaseMvcConfigurer implements WebMvcConfigurer {
  3.  
  4. 	@Autowired
  5. 	WebConfigurerFromYML yml;
  6. 	
  7.     @Override
  8.     public void addCorsMappings(CorsRegistry registry) {
  9.         registry.addMapping(yml.mapping)
  10.                 .allowedOrigins(yml.WEB_CORS_ALLOWED_ORIGINS)
  11.                 .allowCredentials(true)
  12.                 .allowedMethods(yml.WEB_CORS_ALLOWED_METHODS)
  13.                 .maxAge(yml.WEB_CORS_MAX_AGE);
  14. //                .allowedHeaders(yml.WEB_CORS_ALLOWED_HEADERS);
  15. //                .exposedHeaders(yml.WEB_CORS_EXPOSED_HEADERS);
  16.     }
  17. }
  1. web:
  2.   cors:
  3.     mapping: "/rest/**"
  4.     allowed-origins: "http://127.0.0.1:5500"
  5.     allowed-methods: "POST,GET,OPTIONS,DELETE,HEAD"
  6.     max-age: 3600
  7.     allowed-headers: "access-control-allow-origin"
  8.     exposed-headers: "X-Get-Header"

解决方法四 通过CorsFilter

  1. @Configuration
  2. public class GlobalCorsConfig {
  3.  
  4.     @Bean
  5.     public CorsFilter corsFilter() {
  6.         //1. 添加 CORS配置信息
  7.         CorsConfiguration config = new CorsConfiguration();
  8.         //放行哪些原始域
  9.         config.addAllowedOrigin("http://localhost:8080/");
  10.         //是否发送 Cookie
  11.         config.setAllowCredentials(true);
  12.         //放行哪些请求方式
  13.         config.addAllowedMethod("*");
  14.         //放行哪些原始请求头部信息
  15.         config.addAllowedHeader("*");
  16.         //暴露哪些头部信息
  17.         config.addExposedHeader("*");
  18.         //2. 添加映射路径
  19.         UrlBasedCorsConfigurationSource corsConfigurationSource 
  20. = new UrlBasedCorsConfigurationSource();
  21.         corsConfigurationSource.registerCorsConfiguration("/**",config);
  22.         //3. 返回新的CorsFilter
  23.         return new CorsFilter(corsConfigurationSource);
  24.     }
  25. }

Access-Control-Allow-Headers authorization 问题

Access-Control-Allow-Headers 允许的参数没有包含客户端请求的参数,如authorization。然后会出现CORS跨域问题。

解决办法,服务器添加authorization

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/笔触狂放9/article/detail/458806
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号