无法向 Spring 资源服务器发送 POST 请求
Cannot send POST request to Spring Resource server
我有一个 Spring Boot ResourceServer 和一个 React 客户端应用程序。我正在尝试向服务器端点之一发送 POST 请求(顺便说一句,它有 @CrossOrigin 注释。),但是,我在控制台中收到此错误:
Access to XMLHttpRequest at 'http://localhost:8080/api/search' from
origin 'http://localhost:3000' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: It
does not have HTTP ok status.
预检请求returns 401 Http 状态,我不知道为什么。
预检请求的响应 headers 如下所示:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: http://localhost:3000
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sun, 20 Oct 2019 17:23:54 GMT
Expires: 0
Pragma: no-cache
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
WWW-Authenticate: Basic realm="Realm"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
我的预检请求 headers 看起来像这样:
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://localhost:3000
Referer: http://localhost:3000/movie-search
Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36
我正在使用 Axios 发送请求(如果重要的话)。有人知道这里发生了什么吗?
糟糕...我的 HTTPSecurity 配置如下所示:
http
.authorizeRequests()
.antMatchers(HTTPMethod.POST, "/api/search").permitAll()
.anyRequest().authenticated()
.and().httpBasic()
而不是这个:
http
.authorizeRequests()
.antMatchers("/api/search").permitAll()
.anyRequest().authenticated()
.and().httpBasic()
我有一个 Spring Boot ResourceServer 和一个 React 客户端应用程序。我正在尝试向服务器端点之一发送 POST 请求(顺便说一句,它有 @CrossOrigin 注释。),但是,我在控制台中收到此错误:
Access to XMLHttpRequest at 'http://localhost:8080/api/search' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
预检请求returns 401 Http 状态,我不知道为什么。
预检请求的响应 headers 如下所示:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: http://localhost:3000
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sun, 20 Oct 2019 17:23:54 GMT
Expires: 0
Pragma: no-cache
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
WWW-Authenticate: Basic realm="Realm"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
我的预检请求 headers 看起来像这样:
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://localhost:3000
Referer: http://localhost:3000/movie-search
Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36
我正在使用 Axios 发送请求(如果重要的话)。有人知道这里发生了什么吗?
糟糕...我的 HTTPSecurity 配置如下所示:
http
.authorizeRequests()
.antMatchers(HTTPMethod.POST, "/api/search").permitAll()
.anyRequest().authenticated()
.and().httpBasic()
而不是这个:
http
.authorizeRequests()
.antMatchers("/api/search").permitAll()
.anyRequest().authenticated()
.and().httpBasic()