我的角度是对我的Jersey 2.0 REST服务器发出跨域请求,似乎没有任何浏览器插件(经测试的Firefox和Chrome)启用客户端CORS,请求无法通过 . 实际上,当请求命中它时,cors过滤器会设置所有cors设置的响应 .
但是,当通过curl请求它正确发送所有CORS设置时,浏览器回答:“跨源请求被阻止:同源策略不允许在http://PC_Server:8080/restpath/读取远程资源 . (原因:缺少CORS头'Access-Control-Allow-Origin') . ”
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.ext.Provider;
@Provider
public class CorsFilter implements ContainerResponseFilter {
private static final Logger LOGGER = Logger.getLogger(CorsFilter.class.getName());
// Access-Control-Allow-Origin
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
// request
requestContext.getHeaders().add("Access-Control-Allow-Origin", "*");
requestContext.getHeaders().add("Access-Control-Allow-Headers",
"origin, content-type, accept, authorization");
requestContext.getHeaders().add("Access-Control-Allow-Credentials", "true");
requestContext.getHeaders().add("Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, OPTIONS, HEAD");
// response
responseContext.getHeaders().add("Access-Control-Allow-Origin", "*");
responseContext.getHeaders().add("Access-Control-Allow-Headers",
"origin, content-type, accept, authorization");
responseContext.getHeaders().add("Access-Control-Allow-Credentials", "true");
responseContext.getHeaders().add("Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, OPTIONS, HEAD");
LOGGER.log(Level.SEVERE, "CORS FILTER CALLED");
}
}