当前位置: 首页 > 知识库问答 >
问题:

响应状态200,但仍然在角度8中得到CORS错误[重复]

邵诚
2023-03-14

我在我的Angluar8应用程序中有一个CORS错误的问题。

我从服务器收到状态为200和有效JWT令牌的响应,我认为这意味着服务器配置正确,但控制台中仍然出现错误:

@Component
public class CorsFilter implements Filter {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        response.setHeader("Access-Control-Allow-Origin", "http://localhost:4200");
        response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
        response.setHeader("Access-Control-Allow-Headers", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Max-Age", "180");

        filterChain.doFilter(servletRequest, servletResponse);
    }
}
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final RestAuthenticationSuccessHandler authenticationSuccessHandler;
    private final RestAuthenticationFailureHandler authenticationFailureHandler;
    private final CustomUserDetailsService userDetailsService;
    private final String secret;
    private final TenantFilter tenantFilter;
    private final CorsFilter corsFilter;
    private final UserTenantRelationRepository userTenantRelationRepository;

    @Autowired
    public SecurityConfig(RestAuthenticationSuccessHandler authenticationSuccessHandler,
                          RestAuthenticationFailureHandler authenticationFailureHandler,
                          CustomUserDetailsService userDetailsService,
                          @Value("${jwt.secret}") String secret, TenantFilter tenantFilter, CorsFilter corsFilter, UserTenantRelationRepository userTenantRelationRepository) {
        this.authenticationSuccessHandler = authenticationSuccessHandler;
        this.authenticationFailureHandler = authenticationFailureHandler;
        this.userDetailsService = userDetailsService;
        this.secret = secret;
        this.tenantFilter = tenantFilter;
        this.corsFilter = corsFilter;
        this.userTenantRelationRepository = userTenantRelationRepository;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .addFilterBefore(corsFilter, SessionManagementFilter.class)
                .addFilterBefore(tenantFilter, BasicAuthenticationFilter.class)
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/register").permitAll()
                .anyRequest().authenticated()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .addFilter(authenticationFilter(userTenantRelationRepository))
                .addFilter(new JwtAuthorizationFilter(authenticationManager(), userDetailsService, secret))
                .exceptionHandling()
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
    }

@Component
public class CorsFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "authorization, content-type, xsrf-token");
        response.addHeader("Access-Control-Expose-Headers", "xsrf-token");
        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            filterChain.doFilter(request, response);
        }
    }
}

现在配置为:

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .addFilterBefore(corsFilter, ChannelProcessingFilter.class)
                .addFilterBefore(tenantFilter, BasicAuthenticationFilter.class)
                .csrf().disable()
                .anonymous().disable()
                .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/register").permitAll()
                .anyRequest().authenticated()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .addFilter(authenticationFilter(userTenantRelationRepository))
                .addFilter(new JwtAuthorizationFilter(authenticationManager(), userDetailsService, secret))
                .exceptionHandling()
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
    }

谢谢大家的提示。

共有1个答案

沈飞跃
2023-03-14

如果您的cors请求是其他的,那么GET,浏览器将发出一个选项请求(飞行前请求),它不会发送身份验证头或类似的东西。因此,在您的安全配置中,您需要允许对该URL的匿名选项请求。

 类似资料:
  • 我对本页的第三个选项提出请求:http://www.groupkt.com/post/5c85b92f/restful-webservice-to-get-and-search-states-and-remittes-of-a-country.htm 我得到了我想要的回复,但我也得到了一个CORS错误,对我来说没有意义...他们说他们启用了CORS results.component.ts:28

  • 角度http调用: 回答 不使用代码格式化,因为在没有它的情况下阅读是非常困难的。 错误HttpErrorResponse httpclient默认返回响应的json,这是我正在积极研究的问题。但我不知道如何解决这个问题。

  • 问题内容: 这个问题已经在这里有了答案 : 我的PDO声明无效 (1个答案) 2年前关闭。 谁能解释为什么 返回,而 两者都返回 ,根据文档说明这意味着成功?它是an ,实际上什么都没有插入到数据库中…所以,为什么我会收到来自的成功消息? 如果有帮助,这是代码… 问题答案: 这是因为引用成功执行的最后一条语句。由于返回false,因此它不能引用该语句(不引用任何内容或引用之前的查询)。 至于为什么

  • 问题内容: 我正在尝试从API获取JSON对象,并且该API的开发人员说他们刚刚启用了CORS,但我仍然遇到以下错误。 XMLHttpRequest无法加载http://example.com/data/action/getGame/9788578457657。所请求的资源上没有“ Access-Control-Allow-Origin”标头。因此,不允许访问源“ http://dev.our-

  • CORS策略阻止从来源“http://localhost:3000”访问位于“http://localhost:8080/api”的XMLHttpRequest:请求的资源上没有“access-control-allog-origin”标头。 你知道吗?

  • 我为所有源和头启用了cors,但当我从angular应用程序调用方法到spring Boot时,仍然会出现cors错误。 控制台的Cors错误: 我的(我调用getbyemail): 我从我的angular应用程序中调用get: 我还尝试添加: 并在我的中添加了配置文件: 但还是没有运气...