angular2Spring靴交叉原点cors
test() {
let jwt = localStorage.getItem('token');
let headers = new Headers({
'Content-Type': 'application/json; charset=utf-8',
'Authorization': 'Bearer ' + jwt
});
let options = new RequestOptions({ headers: headers });
this.http.get('http://localhost:8080/service/events/byTeamId/1', options)
.map((response: Response) => response.json())
.subscribe(
data => console.log('Response: '+data),
err => console.log('error: '+err),
() => console.log('Secret Quote Complete')
);
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@Autowired
private SimpleCorsFilter simpleCorsFilter;
@Resource
private UserDetailsServiceImpl userDetailsService;
@Resource
private JwtAuthenticationProvider jwtAuthenticationProvider;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home", "/login", "/register").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(simpleCorsFilter, ChannelProcessingFilter.class)
.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.logout()
.permitAll()
.and().csrf().disable();
}...
我的SimpleCorsFilter如下所示:
@Component
public class SimpleCorsFilter implements Filter {
private final Logger log = LoggerFactory.getLogger(SimpleCorsFilter.class);
public SimpleCorsFilter() {
log.info("SimpleCORSFilter init");
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "http://localhost:4200");
//response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me, Authorization");
chain.doFilter(req, res);
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
机智的邮递员它工作正常:
邮递员得到请求
restlet.com/blog/2016/09/27/how-to-fix-cors-problems/
并调查了StackOverflow上发布的几个类似问题。
共有1个答案
对我来说,它使用这个解决方案:将其添加到Spring Security配置中:
.antMatchers(org.springframework.http.HttpMethod.OPTIONS, "/service/**").permitAll()
http
.authorizeRequests()
.antMatchers("/", "/home", "/login", "/register").permitAll()
.antMatchers(org.springframework.http.HttpMethod.OPTIONS, "/service/**").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(simpleCorsFilter, ChannelProcessingFilter.class)
.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.logout()
.permitAll()
.and().csrf().disable();
(仍然需要jwt令牌,我多么想拥有它)
来自:
-
我的web应用程序有一个小问题:一个连接到Spring BootAPI的angular2应用程序。 如何解决它,这样我就可以使用PUT方法而不会得到这个错误?
-
我的网页(wp1)有一个iframe。iframe的来源是另一个网页(wp2)。我在wp1上有一些javascript函数,试图操纵wp2的内容。然而,浏览器会让“阻止原点为空的帧”访问跨原点帧我怎么才能绕过这个?
-
Backend-URL=http://localhost:8080 Frontend-URL=http://localhost:8081 在main.js文件中,我为Axios添加了以下默认值: 在后端站点上,我添加了以下条目:
-
调用JSON时发生此错误。我不知道为什么会发生这个错误。 错误:
-
其实思想可以按照从尾开始比较两个链表,如果相交,则从尾开始必然一致,只要从尾开始比较,直至不一致的地方即为交叉点,如图所示 # 使用a,b两个list来模拟链表,可以看出交叉点是 7这个节点 a = [1,2,3,7,9,1,5] b = [4,5,7,9,1,5] for i in range(1,min(len(a),len(b))): if i==1 and (a[-1] != b[-
-
我想允许用户输入他们的网址并在iframe中浏览。在他们点击确认按钮后,我将从iframe中获得网址浏览。 但我从iframe获取url后出错了 例外:com。谷歌。gwt。事件共享。雨伞异常:捕获异常:(SecurityError):阻止了具有原点的帧”http://localhost“从访问交叉原点帧。