响应中未设置Access-Control-Allow-Origin
我尝试了几种方法来设置CORS头:
-
null
<!-- Spring Container -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>de.hotelonlineportal.config.AppConfig</param-value>
</context-param>
<!-- Device Detection -->
<filter>
<filter-name>deviceResolverRequestFilter</filter-name>
<filter-class>org.springframework.mobile.device.DeviceResolverRequestFilter</filter-class>
</filter>
<!-- Rest Dispatcher -->
<servlet>
<servlet-name>rest-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>rest-dispatcher</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!-- CORS Filter -->
<filter>
<filter-name>cors-filter</filter-name>
<filter-class>de.hotelonlineportal.security.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
public class CORSFilter implements Filter {
private static Logger logger = LogManager.getLogger(CORSFilter.class);
public CORSFilter() {
logger.info("SimpleCORSFilter init");
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS,DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");
chain.doFilter(req, res);
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
Chrome调试器在控制台中显示了以下内容:
XMLHttpRequest无法加载http://localhost:8080/hop-backend/rest/shop/listhotelslandingPage。请求的资源上没有“访问-控制-允许-来源”标头。因此,不允许访问源'http://localhost:9000'。响应的HTTP状态代码为500。
共有1个答案
检查您正在使用Tomcat。尝试使用tomcat-corsfilter。
使用filter和init-param如下所示:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<!-- CORS Filter -->
<filter>
<filter-name>cors-filter</filter-name>
<filter-class>de.hotelonlineportal.security.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-
Access-Control-Allow-Origin响应 header 指示是否该响应可以与具有给定资源共享原点。 Header type Response header Forbidden header name no 语法 Access-Control-Allow-Origin: *Access-Control-Allow-Origin: <origin> 指令 * 对于没有凭据的请求,服务
-
的Access-Control-Allow-Headers响应报头在响应用于一个预检请求指示哪个HTTP标头将通过提供Access-Control-Expose-Headers使实际的请求时。 的简单标头,Accept,Accept-Language,Content-Language,Content-Type(任一,但仅与一个MIME类型其解析值的(忽略参数)application/x-www-f
-
Access-Control-Allow-Credentials响应报头指示的请求的响应是否可以暴露于该页面。当true值返回时它可以被暴露。 凭证是 Cookie ,授权标头或 TLS 客户端证书。 当作为对预检请求的响应的一部分使用时,它指示是否可以使用凭证进行实际请求。请注意,简单的GET请求不是预检的,所以如果请求使用凭证的资源,如果此资源不与资源一起返回,浏览器将忽略该响应,并且不会返回
-
问题内容: 我正在尝试从跨域制作登录页面,但无法解决问题,错误是: XMLHttpRequest无法加载http://localhost/testing/resp.php。在飞行前响应中,Access- Control-Allow-Headers不允许请求标头字段Access-Control-Allow-Headers。 我的Javascript代码是: http://localhost/test
-
我参考了https://www.concretepage.com/spring-4/spring-4-rest-cors-integration-using-crossorigin-annotation-xml-filter-example,根据它,orgins=“http://localhost:4200”应该将响应头中的access-control-allog-orgin设置为提供给它的值,但
-
问题内容: 我编写了一个小型的Rails应用程序,以通过xmlhttprequests将内容提供给另一个站点,该站点将从另一个域运行(无法在同一服务器上运行它们)。我知道我将需要在我的rails服务器上设置access- control-allow-origin,以允许发出请求的网页访问此材料。 关于如何使用Apache进行此操作的文档似乎有很多文献记录,这可能是部署站点后将使用的服务器。虽然在开