响应状态200,但仍然在角度8中得到CORS错误[重复]
我在我的Angluar8应用程序中有一个CORS错误的问题。
我从服务器收到状态为200和有效JWT令牌的响应,我认为这意味着服务器配置正确,但控制台中仍然出现错误:
@Component
public class CorsFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-Control-Allow-Origin", "http://localhost:4200");
response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "180");
filterChain.doFilter(servletRequest, servletResponse);
}
}
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final RestAuthenticationSuccessHandler authenticationSuccessHandler;
private final RestAuthenticationFailureHandler authenticationFailureHandler;
private final CustomUserDetailsService userDetailsService;
private final String secret;
private final TenantFilter tenantFilter;
private final CorsFilter corsFilter;
private final UserTenantRelationRepository userTenantRelationRepository;
@Autowired
public SecurityConfig(RestAuthenticationSuccessHandler authenticationSuccessHandler,
RestAuthenticationFailureHandler authenticationFailureHandler,
CustomUserDetailsService userDetailsService,
@Value("${jwt.secret}") String secret, TenantFilter tenantFilter, CorsFilter corsFilter, UserTenantRelationRepository userTenantRelationRepository) {
this.authenticationSuccessHandler = authenticationSuccessHandler;
this.authenticationFailureHandler = authenticationFailureHandler;
this.userDetailsService = userDetailsService;
this.secret = secret;
this.tenantFilter = tenantFilter;
this.corsFilter = corsFilter;
this.userTenantRelationRepository = userTenantRelationRepository;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(corsFilter, SessionManagementFilter.class)
.addFilterBefore(tenantFilter, BasicAuthenticationFilter.class)
.csrf().disable()
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/register").permitAll()
.anyRequest().authenticated()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.addFilter(authenticationFilter(userTenantRelationRepository))
.addFilter(new JwtAuthorizationFilter(authenticationManager(), userDetailsService, secret))
.exceptionHandling()
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
}
@Component
public class CorsFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "authorization, content-type, xsrf-token");
response.addHeader("Access-Control-Expose-Headers", "xsrf-token");
if ("OPTIONS".equals(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
filterChain.doFilter(request, response);
}
}
}
现在配置为:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(corsFilter, ChannelProcessingFilter.class)
.addFilterBefore(tenantFilter, BasicAuthenticationFilter.class)
.csrf().disable()
.anonymous().disable()
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/register").permitAll()
.anyRequest().authenticated()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.addFilter(authenticationFilter(userTenantRelationRepository))
.addFilter(new JwtAuthorizationFilter(authenticationManager(), userDetailsService, secret))
.exceptionHandling()
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
}
谢谢大家的提示。
共有1个答案
如果您的cors请求是其他的,那么GET,浏览器将发出一个选项请求(飞行前请求),它不会发送身份验证头或类似的东西。因此,在您的安全配置中,您需要允许对该URL的匿名选项请求。
-
我对本页的第三个选项提出请求:http://www.groupkt.com/post/5c85b92f/restful-webservice-to-get-and-search-states-and-remittes-of-a-country.htm 我得到了我想要的回复,但我也得到了一个CORS错误,对我来说没有意义...他们说他们启用了CORS results.component.ts:28
-
角度http调用: 回答 不使用代码格式化,因为在没有它的情况下阅读是非常困难的。 错误HttpErrorResponse httpclient默认返回响应的json,这是我正在积极研究的问题。但我不知道如何解决这个问题。
-
问题内容: 这个问题已经在这里有了答案 : 我的PDO声明无效 (1个答案) 2年前关闭。 谁能解释为什么 返回,而 两者都返回 ,根据文档说明这意味着成功?它是an ,实际上什么都没有插入到数据库中…所以,为什么我会收到来自的成功消息? 如果有帮助,这是代码… 问题答案: 这是因为引用成功执行的最后一条语句。由于返回false,因此它不能引用该语句(不引用任何内容或引用之前的查询)。 至于为什么
-
问题内容: 我正在尝试从API获取JSON对象,并且该API的开发人员说他们刚刚启用了CORS,但我仍然遇到以下错误。 XMLHttpRequest无法加载http://example.com/data/action/getGame/9788578457657。所请求的资源上没有“ Access-Control-Allow-Origin”标头。因此,不允许访问源“ http://dev.our-
-
CORS策略阻止从来源“http://localhost:3000”访问位于“http://localhost:8080/api”的XMLHttpRequest:请求的资源上没有“access-control-allog-origin”标头。 你知道吗?
-
我为所有源和头启用了cors,但当我从angular应用程序调用方法到spring Boot时,仍然会出现cors错误。 控制台的Cors错误: 我的(我调用getbyemail): 我从我的angular应用程序中调用get: 我还尝试添加: 并在我的中添加了配置文件: 但还是没有运气...