
Cross Origin Resource sharing issue even when all the CORS headers are present

Even though I have appended my service response with the following provided CORS headers:

resp.setContentType("application/json");
resp.addHeader("Access-Control-Allow-Origin", "*");
resp.addHeader("Access-Control-Allow-Credentials", "true");
resp.addHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS");
resp.addHeader("Access-Control-Allow-Headers", "Origin,accept,content-type");
resp.flushBuffer();

I am still getting the below error in the console while trying to access some of the POST web methods in the service through my AngularJS frontend.

XMLHttpRequest cannot load http://192.***.*.***:8080/abc/def/search/vehicleManufacturer. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.***.*.***:8085' is therefore not allowed access.

However, within the same class, some POST methods without any payloads are responding perfectly. Any suggestions?

EDIT--------->

Below is my AngularJS client screen code for calling the web method:-

getVehicleModel : function(searchData,$scope){
     $http({
         method:'POST',
         url:'http://192.169.*.***:8085/abc/def/search/vehicleModel',
         dataType:'jsonp',
         data:searchData
     }).
     success(function(data){
         console.log("vehicle model");
         $scope.vehicleModel = data.Response;
     });
},

I think the problem here is Preflighted Requests in CORS.

From the Mozilla docs,

Unlike simple requests (discussed above), "preflighted" requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send. Cross-site requests are preflighted like this since they may have implications to user data. In particular, a request is preflighted if:

  • It uses methods other than GET, HEAD or POST. Also, if POST is used to send request data with a Content-Type other than

    • application/x-www-form-urlencoded,
    • multipart/form-data
    • text/plain

    e.g. if the POST request sends an XML payload to the server using application/xml or text/xml, then the request is preflighted.

  • It sets custom headers in the request (e.g. the request uses a header such as X-PINGOTHER)

As explained above, even though you're making a simple POST request, the Content-Type in your request is application/json which is different from the 3 types mentioned above, so it's considered as a Preflight request and an OPTIONS request is fired before your actual POST request.

You can solve this by implementing doOptions in your servlet, just add the headers there and it will work :)

The preflight (OPTIONS) is occurring due to the fact that you are sending a cross-origin ajax request AND specifying an Authorization header with this GET request.

Also (this is not causing an issue) I would suggest removing the contentType option. This doesn't make sense in the context of a GET request. A GET request should not have any content. All data should be included in the query string or, possibly, headers.

The Authorization header will not be sent with the OPTIONS. You must acknowledge it server-side, and then the browser will send the underlying GET. Read more about CORS at https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS .
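
One way to implement the doOptions advice from the answers above, as an added example that is not part of the original posts: the servlet answers both the preflight and the real POST with the same origin check. The class name, the allowlisted origin, the javax.servlet (rather than jakarta.servlet) imports and the choice to echo an allowlisted origin instead of `*` are assumptions; browsers refuse `Access-Control-Allow-Origin: *` on requests made with credentials.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet name; map it to the search endpoints in web.xml.
public class SearchServlet extends HttpServlet {

    // Constructed sample value: replace with the real frontend origin(s).
    private static final Set<String> ALLOWED_ORIGINS =
            Set.of("http://frontend.example:8085");

    /** Adds CORS headers only for allowlisted origins; returns false otherwise. */
    private static boolean applyCors(HttpServletRequest req, HttpServletResponse resp) {
        String origin = req.getHeader("Origin");
        resp.addHeader("Vary", "Origin"); // the response differs per Origin, so caches must key on it
        if (origin == null || !ALLOWED_ORIGINS.contains(origin)) {
            return false;
        }
        // Echo the exact origin: "*" is rejected by browsers when credentials are sent.
        resp.setHeader("Access-Control-Allow-Origin", origin);
        resp.setHeader("Access-Control-Allow-Credentials", "true");
        return true;
    }

    // Preflight: the browser sends OPTIONS with no body and no Authorization header.
    @Override
    protected void doOptions(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!applyCors(req, resp)) {
            resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
        // Content-Type covers the application/json POST; Authorization covers the second answer's case.
        resp.setHeader("Access-Control-Allow-Headers", "Origin, Accept, Content-Type, Authorization");
        resp.setHeader("Access-Control-Max-Age", "600"); // let the browser cache the preflight for 10 minutes
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    // Actual request: it needs Allow-Origin as well, or the browser withholds the response from the page.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        applyCors(req, resp);
        resp.setContentType("application/json");
        resp.getWriter().write("{\"Response\":[]}"); // placeholder body
    }
}
```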
