Angular4 CORS头包含多个值-Java 学习之路

请有人帮忙解决问题：后端spring应用程序web.xml

<filter>
        <filter-name>corsFilter</filter-name>
        <filter-class>package.controllers.auth.CorsFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>corsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

过滤

public class CorsFilter implements Filter {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.setHeader("Access-Control-Allow-Origin", "*,*");
        httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
        httpResponse.setHeader("Access-Control-Allow-Headers", "Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,Access-Control-Allow-Origin");
        httpResponse.setHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Credentials");
        httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpResponse.setHeader("Access-Control-Max-Age", "10");
        System.out.println("---CORS Configuration Completed---");
        chain.doFilter(request, response);
    }

角度前端：

let headers = new Headers({ 'Content-Type': 'application/json' });
    let options = new RequestOptions({ headers: headers });
    return this.http.post(AppSettings.API_ENDPOINT + '/url', JSON.stringify(user), options)
      .map(response => response.json())      
  }

浏览器返回问题：

对预检请求的响应未通过访问控制检查：“Access-Control-Allow-Origin”标头包含多个值

1 回答

我也面临同样的问题 . 根本原因是cors标头多次出现 . 我评论说

httpResponse.setHeader("Access-Control-Allow-Origin", "*");"

线 .

我只有一个安全配置类，如下所示 . 这堂课解决了我的角色问题 .

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            // your security config here
            .authorizeRequests()
            .antMatchers(HttpMethod.TRACE, "/**").denyAll()
            .antMatchers("/admin/**").authenticated()
            .anyRequest().permitAll()
            .and().httpBasic()
            .and().headers().frameOptions().disable()
            .and().csrf().disable()
            .headers()
            // the headers you want here. This solved all my CORS problems! 
           /* .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Origin", "*"))*/
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Methods", "POST, GET"))
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Max-Age", "3600"))
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"))
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Headers", "Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization"));
    }
}

在我的例子中，我只是在做POC，并从角度应用程序调用Rest资源 . 我只面临CORS的问题 . 要解决只有cors问题，最低限度的代码也足够了 .

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

    }
}

回复于 2024-04-26T13:38:55+08:00

Angular4 CORS头包含多个值

1 回答

相关问题