CORS 预检选项请求到 spring boot 服务器的 401 响应
401 response for CORS preflight OPTIONS request to springboot server
从我的 angular 应用程序到 spring 启动后端的跨域请求被 CORS 阻止,只有 POST,PUT。允许 GET 并按预期工作。
这是我的配置..
后端:
cors 过滤器 -
@Configuration
public class CORSConfiguration {
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setAllowedOrigins(Arrays.asList("http://localhost:4200"));
corsConfiguration.setAllowedMethods(Arrays.asList("PUT", "POST", "GET", "DELETE", "OPTIONS"));
corsConfiguration.setAllowedHeaders(Arrays.asList("Origin", "X-Requested-With", "X-Requested-By",
"Content-Type", "Accept", "Authorization"));
source.registerCorsConfiguration("/**", corsConfiguration);
return new CorsFilter(source);
}
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.cors().and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers("/*").authenticated().and()
.jee().mappableAuthorities("xxxxxxx");
}
}
纳克:
public postIT(payload: Data): Observable<Data> {
return this.http.post<Data>(url, payload) , {
withCredentials: true
});
}
错误:
我在这里遗漏了什么?请告诉我。
能否尝试用以下列表替换“AllowedHeaders”:
"Access-Control-Allow-Credentials", "Content-Type", "Access-Control-Allow-Headers", "X-Requested-With", "Origin", "Accept"
我犯的错误是在web.xml,其中OPTIONS包含在<security-constraint>元素中。
已将其从此处删除,其余配置保持原样,我不再看到该问题。
从我的 angular 应用程序到 spring 启动后端的跨域请求被 CORS 阻止,只有 POST,PUT。允许 GET 并按预期工作。
这是我的配置..
后端:
cors 过滤器 -
@Configuration
public class CORSConfiguration {
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setAllowedOrigins(Arrays.asList("http://localhost:4200"));
corsConfiguration.setAllowedMethods(Arrays.asList("PUT", "POST", "GET", "DELETE", "OPTIONS"));
corsConfiguration.setAllowedHeaders(Arrays.asList("Origin", "X-Requested-With", "X-Requested-By",
"Content-Type", "Accept", "Authorization"));
source.registerCorsConfiguration("/**", corsConfiguration);
return new CorsFilter(source);
}
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.cors().and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers("/*").authenticated().and()
.jee().mappableAuthorities("xxxxxxx");
}
}
纳克:
public postIT(payload: Data): Observable<Data> {
return this.http.post<Data>(url, payload) , {
withCredentials: true
});
}
错误:
我在这里遗漏了什么?请告诉我。
能否尝试用以下列表替换“AllowedHeaders”:
"Access-Control-Allow-Credentials", "Content-Type", "Access-Control-Allow-Headers", "X-Requested-With", "Origin", "Accept"
我犯的错误是在web.xml,其中OPTIONS包含在<security-constraint>元素中。
已将其从此处删除,其余配置保持原样,我不再看到该问题。