CORS Origin Spring Boot Jhipster - 飞行前失败
CORS Origin Spring Boot Jhipster - pre-flight fails
我正在使用 jhipster v2.27.2
我通过取消注释 application.yml
中的行启用了 cors
jhipster:
async:
corePoolSize: 2
maxPoolSize: 50
queueCapacity: 10000
cors: #By default CORS are not enabled. Uncomment to enable.
allowed-origins: "*"
allowed-methods: GET, PUT, POST, DELETE, OPTIONS
allowed-headers: "*"
exposed-headers:
allow-credentials: true
max-age: 1800
在"WebConfigurer"
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = props.getCors();
if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) {
source.registerCorsConfiguration("/api/**", config);
source.registerCorsConfiguration("/v2/api-docs", config);
source.registerCorsConfiguration("/oauth/**", config);
}
return new CorsFilter(source);
}
但是当我请求访问令牌时,我仍然看到这个错误
http://localhost:8080/oauth/token?username=admin&password=admin&grant_type=password&scope=read.
Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:9090' is therefore not allowed
access. The response had HTTP status code 401.
看起来像默认值 SecurityConfiguration,它没有跳过 OPTIONS 的安全检查。
尝试将以下 antMatcher 添加到 SecurityConfiguration.java
中的 protected void configure(HttpSecurity http) 方法
.antMatchers(org.springframework.http.HttpMethod.OPTIONS, "/api/**").permitAll()
如果您忘记在指定的 URLs.In 上注册 cors,有时会出现此问题 WebConfigurer 查找 corsFilter 并添加这些行
log.debug("Registering CORS filter");
source.registerCorsConfiguration("/api/**", config);
SecurityConfiguration.java中的另一个选项。不是在 configure(HttpSecurity) 覆盖中使用 antMatcher,而是在 configure(WebSecurity) 覆盖中添加它...
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(HttpMethod.OPTIONS, "/**")
我正在使用 jhipster v2.27.2 我通过取消注释 application.yml
中的行启用了 corsjhipster:
async:
corePoolSize: 2
maxPoolSize: 50
queueCapacity: 10000
cors: #By default CORS are not enabled. Uncomment to enable.
allowed-origins: "*"
allowed-methods: GET, PUT, POST, DELETE, OPTIONS
allowed-headers: "*"
exposed-headers:
allow-credentials: true
max-age: 1800
在"WebConfigurer"
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = props.getCors();
if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) {
source.registerCorsConfiguration("/api/**", config);
source.registerCorsConfiguration("/v2/api-docs", config);
source.registerCorsConfiguration("/oauth/**", config);
}
return new CorsFilter(source);
}
但是当我请求访问令牌时,我仍然看到这个错误
http://localhost:8080/oauth/token?username=admin&password=admin&grant_type=password&scope=read. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9090' is therefore not allowed access. The response had HTTP status code 401.
看起来像默认值 SecurityConfiguration,它没有跳过 OPTIONS 的安全检查。
尝试将以下 antMatcher 添加到 SecurityConfiguration.java
protected void configure(HttpSecurity http) 方法
.antMatchers(org.springframework.http.HttpMethod.OPTIONS, "/api/**").permitAll()
如果您忘记在指定的 URLs.In 上注册 cors,有时会出现此问题 WebConfigurer 查找 corsFilter 并添加这些行
log.debug("Registering CORS filter");
source.registerCorsConfiguration("/api/**", config);
SecurityConfiguration.java中的另一个选项。不是在 configure(HttpSecurity) 覆盖中使用 antMatcher,而是在 configure(WebSecurity) 覆盖中添加它...
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(HttpMethod.OPTIONS, "/**")