我正在开发Cordova应用程序 .
当我从我的物理设备(而不是模拟器)上运行的Cordova应用程序提交$ .ajax POST请求时,我收到状态码403禁止 .
我可以从设备发出GET请求没问题 . 我也可以使用POST登录(收到302 Found Response) .
Chrome的请求处理得非常完美 .
我正在使用Spring / Tomcat . 我已经在我的tomcat web.xml中添加了CORS过滤器,并在Cordova中添加了allow-originins *到我的config.xml .
以下是我在发出POST请求时生成的日志提取,首先来自Chrome,其次来自我的设备 .
Chrome Request:
org.springframework.security.web.FilterChainProxy:/ submit-check在第1位,共11页,在另外的过滤链中;触发过滤器:'WebAsyncManagerIntegrationFilter'org.springframework.security.web.FilterChainProxy:/ submit-check在第2位的第11位附加过滤器链;触发过滤器:'SecurityContextPersistenceFilter'org.springframework.security.web.context.HttpSessionSecurityContextRepository:当前不存在HttpSession org.springframework.security.web.context.HttpSessionSecurityContextRepository:HttpSession中没有可用的SecurityContext:null . 将创建一个新的 . org.springframework.security.web.FilterChainProxy:/提交检查在第3位的11位额外的过滤器链;触发过滤器:'HeaderWriterFilter'org.springframework.security.web.header.writers.HstsHeaderWriter:不注入HSTS头,因为它与requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@461e0eb8 org不匹配 . springframework.security.web.FilterChainProxy:/ submit-check at 4 of 11 in additional filter chain;触发过滤器:'LogoutFilter'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/ submit-check';针对'/ j_spring_security_logout'org.springframework.security.web.FilterChainProxy:/ submit-check在第5位的11位进一步过滤链;触发过滤器:'UsernamePasswordAuthenticationFilter'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/ submit-check';对'/ j_spring_security_check'org.springframework.security.web.FilterChainProxy:/ submit-check在第6位的11位进一步过滤链;触发过滤器:'RequestCacheAwareFilter'org.springframework.security.web.FilterChainProxy:/ submit-check在第7位的11位额外过滤器链;触发过滤器:'SecurityContextHolderAwareRequestFilter'org.springframework.security.web.FilterChainProxy:/ submit-check at 8 of 8 in additional filter chain;触发过滤器:'AnonymousAuthenticationFilter'org.springframework.security.web.authentication.AnonymousAuthenticationFilter:带有匿名标记的填充SecurityContextHolder:'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc:Principal:anonymousUser;证书:[保护];认证:真实;详细信息:org.springframework.security.web.authentication.WebAuthenticationDetails@b364:RemoteIpAddress:0:0:0:0:0:0:0:1; SessionId:null;授权机构:ROLE_ANONYMOUS'org.springframework.security.web.FilterChainProxy:/提交 - 检查,位于第9位,共11个额外的过滤链;触发过滤器:'SessionManagementFilter'org.springframework.security.web.session.SessionManagementFilter:请求的会话ID 2BB345F22D731DB9A10B0BB65950502D无效 . org.springframework.security.web.FilterChainProxy:/ submit-check在第10位的11位附加过滤链中;触发过滤器:'ExceptionTranslationFilter'org.springframework.security.web.FilterChainProxy:/ submit-check at 11 of 11 in additional filter chain;触发过滤器:'FilterSecurityInterceptor'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/ submit-check';针对'/**.html'org.springframework.security.web.access.intercept.FilterSecurityInterceptor:公共对象 - 未尝试身份验证org.springframework.security.web.FilterChainProxy:/ submit-check已到达其他过滤器链的末尾;继续使用原始链org.springframework.web.servlet.DispatcherServlet:名为'dispatcher'的DispatcherServlet处理[/ ab / submit-check]的POST请求org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping:向上看path / submit-check的handler方法org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping:返回处理程序方法[public org.springframework.web.servlet.ModelAndView com.gm.ab.controller.MobileNavigation.save(java.lang.String)] org .springframework.beans.factory.support.DefaultListableBeanFactory:返回单例bean'mobileNavigation'的缓存实例org.springframework.web.servlet.DispatcherServlet:Null ModelAndView返回DispatcherServlet,名称为'dispatcher':假设HandlerAdapter完成了请求处理org.springframework . web.servlet.DispatcherServlet:已成功完成请求org.springframework.security.web.access.ExceptionTranslationFilter:正常处理链接org.springframework.security.web.context.HttpSessionSecurityContextRepository:SecurityContext为空或内容为匿名 - 上下文不会存储在HttpSession中 . org.springframework.security.web.context.SecurityContextPersistenceFilter:SecurityContextHolder现已清除,请求处理完成
Cordova Request
org.springframework.security.web.FilterChainProxy:/ submit-check在第1位,共11页,在另外的过滤链中;触发过滤器:'WebAsyncManagerIntegrationFilter'org.springframework.security.web.FilterChainProxy:/ submit-check在第2位的第11位附加过滤器链;触发过滤器:'SecurityContextPersistenceFilter'org.springframework.security.web.context.HttpSessionSecurityContextRepository:当前不存在HttpSession org.springframework.security.web.context.HttpSessionSecurityContextRepository:HttpSession中没有可用的SecurityContext:null . 将创建一个新的 . org.springframework.security.web.FilterChainProxy:/提交检查在第3位的11位额外的过滤器链;触发过滤器:'HeaderWriterFilter'org.springframework.security.web.header.writers.HstsHeaderWriter:不注入HSTS头,因为它与requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@461e0eb8 org不匹配 . springframework.security.web.FilterChainProxy:/ submit-check at 4 of 11 in additional filter chain;触发过滤器:'LogoutFilter'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/ submit-check';针对'/ j_spring_security_logout'org.springframework.security.web.FilterChainProxy:/ submit-check在第5位的11位进一步过滤链;触发过滤器:'UsernamePasswordAuthenticationFilter'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/ submit-check';对'/ j_spring_security_check'org.springframework.security.web.FilterChainProxy:/ submit-check在第6位的11位进一步过滤链;触发过滤器:'RequestCacheAwareFilter'org.springframework.security.web.FilterChainProxy:/ submit-check在第7位的11位额外过滤器链;触发过滤器:'SecurityContextHolderAwareRequestFilter'org.springframework.security.web.FilterChainProxy:/ submit-check at 8 of 8 in additional filter chain;使用匿名标记:'org.springframework.security.authentication.AnonymousAuthenticationToken@90550640:Principal:anonymousUser;证书:[保护];认证:真实;详细信息:org.springframework.security.web.authentication.WebAuthenticationDetails@7798:RemoteIpAddress:192.168.1.5; SessionId:null;授权机构:ROLE_ANONYMOUS'org.springframework.security.web.FilterChainProxy:/提交 - 检查,位于第9位,共11个额外的过滤链;触发过滤器:'SessionManagementFilter'org.springframework.security.web.session.SessionManagementFilter:请求的会话ID F26DAEDA16CA5DAE443ABF8A4ADD836F无效 . org.springframework.security.web.FilterChainProxy:/ submit-check在第10位的11位附加过滤链中;触发过滤器:'ExceptionTranslationFilter'org.springframework.security.web.FilterChainProxy:/ submit-check at 11 of 11 in additional filter chain;触发过滤器:'FilterSecurityInterceptor'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/ submit-check';针对'/**.html'org.springframework.security.web.access.intercept.FilterSecurityInterceptor:公共对象 - 未尝试身份验证org.springframework.security.web.FilterChainProxy:/ submit-check到达额外过滤链的末端;继续使用原始链org.springframework.security.web.access.ExceptionTranslationFilter:正常处理链接org.springframework.security.web.context.HttpSessionSecurityContextRepository:SecurityContext为空或内容为匿名 - 上下文不会存储在HttpSession中 . org.springframework.security.web.context.SecurityContextPersistenceFilter:SecurityContextHolder现已清除,请求处理完成
日志是相同的,除了源自Chrome的请求中的这些行:
org.springframework.web.servlet.DispatcherServlet:名为'dispatcher'的DispatcherServlet处理[/ ab / submit-check]的POST请求org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping:查找处理程序方法path / submit-check org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping:返回处理程序方法[public org.springframework.web.servlet.ModelAndView com.gm.ab.controller.MobileNavigation.save(java.lang) .string)] org.springframework.beans.factory.support.DefaultListableBeanFactory:返回单例bean的缓存实例'mobileNavigation'org.springframework.web.servlet.DispatcherServlet:Null ModelAndView返回DispatcherServlet,名称为'dispatcher':假设HandlerAdapter已完成请求处理org.springframework.web.servlet.DispatcherServlet:成功完成请求
出于某种原因,源自Cordova的请求没有发送到Spring的DispatcherServlet,我不知道为什么不这样做 .
我已将Weinre安装到远程调试中,Chrome和Cordova发送的请求数据似乎完全相同(尽管Weinre错过了大部分标头信息) .
1 回答
管理来解决这个问题 .
问题是我的tomcat web.xml中有一个CORS过滤器(conf中的tomcat全局web.xml) . 对于不需要在那里的Cordova应用程序 .
Cordova通过 Headers “Origin:file://”发送请求 . 如果在Tomcat中设置了CORS过滤器,则请求将失败 .
从web.xml中删除CORS过滤器有效,我现在可以POST数据 .