allowedOriginPatterns IllegalArgumentException 错误
allowedOriginPatterns IllegalArgumentException Error
我设置 SecurityConfig 设置的 class。
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.cors()
.and()
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(handler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers("/auth/**")
.permitAll()
.anyRequest().authenticated();
httpSecurity.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
}
我在哪里实现 AuthController.AuthController.java
@RequestMapping("/auth")
@PostMapping("/register")
public ResponseEntity<String> register(@RequestBody UserRequst registerRequst){
if (userService.getOneUserByUserName(registerRequst.getUsername())!=null)
return new ResponseEntity<>("Username already in use.", HttpStatus.BAD_REQUEST);
User user = new User();
user.setUserName(registerRequst.getUsername());
user.setPassword(passwordEncoder.encode(registerRequst.getPassword()));
userService.userSave(user);
return new ResponseEntity<>("user successfully registered",HttpStatus.CREATED);
}
当我从 Postman 向 localhost:8080/auth/register 发送 post 请求时,出现此错误。我找不到原因。我是 java 后端的新手。我该如何修复错误。
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473) ~[spring-web-5.3.8.jar:5.3.8]
at org.springframework.web.cors.CorsConfiguration.checkOrigin(CorsConfiguration.java:577) ~[spring-web-5.3.8.jar:5.3.8]
at org.springframework.web.cors.DefaultCorsProcessor.checkOrigin(DefaultCorsProcessor.java:174) ~[spring-web-5.3.8.jar:5.3.8]
at org.springframework.web.cors.DefaultCorsProcessor.handleInternal(DefaultCorsProcessor.java:116) ~[spring-web-5.3.8.jar:5.3.8]
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.2</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<java.version>1.8</java.version>
</properties>
我使用的操作系统是Ubuntu21.04.
问题出在错误信息中
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
因为您有 config.setAllowCredentials(true);,所以您的 config.addAllowedOrigin("*"); 必须包含一个特定的 URL,它是尝试访问资源的来源。如果您正在编写基于 javascript 的前端,也许 http://localhost:3000。
我设置 SecurityConfig 设置的 class。
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.cors()
.and()
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(handler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers("/auth/**")
.permitAll()
.anyRequest().authenticated();
httpSecurity.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
}
我在哪里实现 AuthController.AuthController.java @RequestMapping("/auth")
@PostMapping("/register")
public ResponseEntity<String> register(@RequestBody UserRequst registerRequst){
if (userService.getOneUserByUserName(registerRequst.getUsername())!=null)
return new ResponseEntity<>("Username already in use.", HttpStatus.BAD_REQUEST);
User user = new User();
user.setUserName(registerRequst.getUsername());
user.setPassword(passwordEncoder.encode(registerRequst.getPassword()));
userService.userSave(user);
return new ResponseEntity<>("user successfully registered",HttpStatus.CREATED);
}
当我从 Postman 向 localhost:8080/auth/register 发送 post 请求时,出现此错误。我找不到原因。我是 java 后端的新手。我该如何修复错误。
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473) ~[spring-web-5.3.8.jar:5.3.8]
at org.springframework.web.cors.CorsConfiguration.checkOrigin(CorsConfiguration.java:577) ~[spring-web-5.3.8.jar:5.3.8]
at org.springframework.web.cors.DefaultCorsProcessor.checkOrigin(DefaultCorsProcessor.java:174) ~[spring-web-5.3.8.jar:5.3.8]
at org.springframework.web.cors.DefaultCorsProcessor.handleInternal(DefaultCorsProcessor.java:116) ~[spring-web-5.3.8.jar:5.3.8]
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.2</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<java.version>1.8</java.version>
</properties>
我使用的操作系统是Ubuntu21.04.
问题出在错误信息中
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
因为您有 config.setAllowCredentials(true);,所以您的 config.addAllowedOrigin("*"); 必须包含一个特定的 URL,它是尝试访问资源的来源。如果您正在编写基于 javascript 的前端,也许 http://localhost:3000。