来源已被 CORS 策略 Spring 引导和 React 阻止
origin has been blocked by CORS policy Spring boot and React
Spring 使用 React 启动
在“http://localhost:8080/' from origin 'http://localhost:3000”访问 XMLHttpRequest 已被 CORS 策略阻止:
这是一个控制器,return所有分区对象
Access to XMLHttpRequest at 'http://localhost:8080/ from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
package com.ministry.demo.controller;
import com.ministry.demo.model.District;
import com.ministry.demo.repository.DistrictRepository;
import com.ministry.demo.service.DistrictService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
@RestController
@RequestMapping(path = "district")
public class DistrictController {
@Autowired
DistrictService service;
@GetMapping(path = "getAll")
List<District> getAllDistrict(){
return service.getAllDistricts();
}
}
如果您的后端和您的应用程序不在 运行 同一地址上,您的浏览器通常不允许您调用您的后端。
这是一项安全功能。
要允许您的浏览器调用您的 api,请将 Access-Control-**** header 添加到您的后端响应(从 Spring 回答时)。
见https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
允许所有来源的最基本header:
Access-Control-Allow-Origin: *
这是在 Spring 中添加那些 header 的教程:https://spring.io/guides/gs/rest-service-cors/
MyConfiguration.java
@Configuration
public class MyConfiguration implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("*");
}
}
我找到了答案
package com.ministry.demo.controller;
import java.util.List;
@RestController
@CrossOrigin
@RequestMapping(path = "district")
public class DistrictController {
@Autowired
DistrictService service;
@GetMapping(path = "getAll")
List<District> getAllDistrict(){
return service.getAllDistricts();
}
}
找到适合我的备选答案。
@Configuration
@EnableWebSecurity(debug = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.anyRequest().permitAll()
.and().httpBasic();
}
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}
Spring 使用 React 启动
在“http://localhost:8080/' from origin 'http://localhost:3000”访问 XMLHttpRequest 已被 CORS 策略阻止:
这是一个控制器,return所有分区对象
Access to XMLHttpRequest at 'http://localhost:8080/ from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
package com.ministry.demo.controller;
import com.ministry.demo.model.District;
import com.ministry.demo.repository.DistrictRepository;
import com.ministry.demo.service.DistrictService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
@RestController
@RequestMapping(path = "district")
public class DistrictController {
@Autowired
DistrictService service;
@GetMapping(path = "getAll")
List<District> getAllDistrict(){
return service.getAllDistricts();
}
}
如果您的后端和您的应用程序不在 运行 同一地址上,您的浏览器通常不允许您调用您的后端。 这是一项安全功能。
要允许您的浏览器调用您的 api,请将 Access-Control-**** header 添加到您的后端响应(从 Spring 回答时)。
见https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
允许所有来源的最基本header:
Access-Control-Allow-Origin: *
这是在 Spring 中添加那些 header 的教程:https://spring.io/guides/gs/rest-service-cors/
MyConfiguration.java
@Configuration
public class MyConfiguration implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("*");
}
}
我找到了答案
package com.ministry.demo.controller;
import java.util.List;
@RestController
@CrossOrigin
@RequestMapping(path = "district")
public class DistrictController {
@Autowired
DistrictService service;
@GetMapping(path = "getAll")
List<District> getAllDistrict(){
return service.getAllDistricts();
}
}
找到适合我的备选答案。
@Configuration
@EnableWebSecurity(debug = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.anyRequest().permitAll()
.and().httpBasic();
}
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}