[英]AngularJS / Alfresco / CORS filter issue: No 'Access-Control-Allow-Origin' header
I have some problem with Alfresco (5.0.d) , my AngularJS (1.4.3) client and the CORS settings (typical cross-domain / No'Access-Control-Allow-Origin' header is present on the requested resource problem). 我的Alfresco(5.0.d) ,我的AngularJS(1.4.3)客户端和CORS设置存在一些问题(典型的跨域/请求的资源问题上没有No'Access-Control-Allow-Origin'标头 )。
I am calling the Alfresco REST API from an AngularJS application running on localhost: 3000 , to an Alfresco instance running on localhost: 8080 (Tomcat, no reverse-proxy in front). 我正在从在localhost: 3000上运行的AngularJS应用程序调用Alfresco REST API,到在localhost: 8080上运行的Alfresco实例(Tomcat,前面没有反向代理)。
This XHR call works fine: 这个XHR调用工作正常:
http://localhost:8080/alfresco/service/slingshot/live-search-docs?t=Project&u=admin&pw=admin&alf_ticket=TICKET_9d9780c83b8b9525c7acb9d3d8da66c5c902fb76
HTTP://本地主机:8080 /户外/服务/弹弓/实时搜索文档T =项目&U =管理及PW =管理及alf_ticket = TICKET_9d9780c83b8b9525c7acb9d3d8da66c5c902fb76
This one 这个
http://localhost:8080/alfresco/service/api/login?u=admin&pw=admin
HTTP://本地主机:8080 /户外/服务/ API /登录U =管理及PW =管理员
only works fine in Internet Explorer 11, but in Chrome and Firefox , I am getting status code 200 returned with 0 bytes and the error in the JS console: 仅在Internet Explorer 11中可以正常工作,但是在Chrome和Firefox中 ,我得到的状态码200的返回值为0字节,并且JS控制台中出现错误:
XMLHttpRequest cannot load http://localhost:8080/alfresco/service/api/login?u=admin&pw=admin .
XMLHttpRequest无法加载http:// localhost:8080 / alfresco / service / api / login?u = admin&pw = admin 。 No 'Access-Control-Allow-Origin' header is present on the requested resource.
所请求的资源上没有“ Access-Control-Allow-Origin”标头。 Origin ' http://localhost:3000 ' is therefore not allowed access.
因此,不允许访问源' http:// localhost:3000 '。
In the Alfresco web.xml, I have enabled the CORS filter as follows: 在Alfresco web.xml中,我启用了CORS过滤器,如下所示:
<!-- CORS Filter Mappings Begin -->
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/api/*</url-pattern>
<url-pattern>/service/*</url-pattern>
<url-pattern>/s/*</url-pattern>
<url-pattern>/cmisbrowser/*</url-pattern>
</filter-mapping>
<!-- CORS Filter Mappings End -->
<!-- CORS Filter Begin -->
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowOrigin</param-name>
<!-- <param-value>http://localhost:3000 http://localhost:8081 http://localhost:8080 https://localhost</param-value> -->
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowSubdomains</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>origin, authorization, x-file-size, x-file-name, content-type, accept, x-file-type</param-value>
</init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.maxAge</param-name>
<param-value>3600</param-value>
</init-param>
</filter>-->
<!-- CORS Filter End -->
The calls from within Angular: 来自Angular的调用:
The one that works fine: 一个工作正常:
$http.get('http://localhost:8080/alfresco/service/slingshot/live-search-docs?t=Project&alf_ticket=TICKET_9d9780c83b8b9525c7acb9d3d8da66c5c902fb76').then(function(response) {
console.log('DATA LOADED: ' + response.items);
$scope.contents = response.items;
});
Response headers: 响应头:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Content-Type: application/json;charset=UTF-8
Content-Length: 85
Date: Thu, 13 Aug 2015 06:37:24 GMT
The one that fails: 失败的那一个:
$http.get('http://localhost:8080/alfresco/service/api/login?u=' + $scope.user.email + '&pw=' + $scope.user.password).
then(function(response) {
console.log('ALF_TICKET: ' + response.data.ticket);
$scope.alfTicket = response.data.ticket;
$state.go('admin-panel.default.introduction');
}, function(response) {
console.log('LOGIN FAILED');
});
Response headers: 响应头:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:3000
Vary: Origin
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 13 Aug 2015 06:38:36 GMT
I have the $httpProvider configured in my AngularJS app, just to be sure: 我必须在AngularJS应用中配置$ httpProvider ,以确保:
.config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
}
A CURL request simulated from a different host works fine , interestingly though, I do not get a Access-Control-Allow-Origin
header back in the response despite the CORS filter enabled in Alfresco: 尽管从Alfresco中启用了CORS过滤器,但是从另一台主机模拟的CURL请求也 可以正常工作 ,但是有趣的是,我没有在响应中返回
Access-Control-Allow-Origin
标头:
curl -H "Origin: http://www.microsoft.com" --verbose "http://alfresco.mycompany.ch:8080/alfresco/service/api/login?u=admin&pw=12@echo"
* Hostname was NOT found in DNS cache
* Trying 10.10.0.183...
* Connected to alfresco.mycompany.ch (10.10.0.183) port 8080 (#0)
> GET /alfresco/service/api/login?u=admin&pw=12@echo HTTP/1.1
> User-Agent: curl/7.37.1
> Host: alfresco.mycompany.ch:8080
> Accept: */*
> Origin: http://www.microsoft.com
>
< HTTP/1.1 200 OK
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
< Content-Type: application/json;charset=UTF-8
< Content-Length: 85
< Date: Thu, 13 Aug 2015 08:11:15 GMT
<
{
"data":
{
"ticket":"TICKET_7d07634afbb25a7e823c0348d907e0790eeff97e"
}
}
* Connection #0 to host alfresco.mycompany.ch left intact
therefore I think it's client/AngularJS related. 因此,我认为这与client / AngularJS有关。
=== Update 1: === ===更新1:===
I tried to add an interceptor to the $httpProvider as below, but it doesn't help. 我试图将拦截器添加到$ httpProvider中,如下所示,但这无济于事。 I don't see the headers I am setting there in any of the responses, although the interceptor gets called.
尽管拦截器被调用,但在任何响应中都没有看到我设置的标题。
$httpProvider.interceptors.push(function() {
return {
'request': function(request) {
return request;
},
'response': function(response) {
console.log('Interceptor called.');
response.config.headers['MyTestHeader'] = '12345';
response.config.headers['Access-Control-Allow-Origin'] = '*';
return response;
}
};
});
=== Update 2: === ===更新2:===
Some more findings, but now a bit weird on the Alfresco side. 还有更多发现,但在Alfresco方面有些奇怪。 I am doing two almost similar API calls, to the following two urls:
我正在对以下两个URL进行两个几乎相似的API调用:
You can see, they only differ at the end. 您可以看到,它们仅在末尾有所不同。 The one with
/whatever
returns a Access-Control-Allow-Origin
response header, the one with /login
does not. 带有
/whatever
那个返回一个Access-Control-Allow-Origin
响应头,带有/login
那个不返回。 It must be related to the Alfresco config / webscript, but I have not yet found the origin of it. 它必须与Alfresco config / webscript有关,但是我还没有找到它的起源。
curl -H "Origin: http://www.microsoft.com" --verbose "http://localhost:8080/alfresco/service/api/login"
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /alfresco/service/api/login HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://www.microsoft.com
>
< HTTP/1.1 400 Bad Request
< Server: Apache-Coyote/1.1
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Thu, 13 Aug 2015 12:49:46 GMT
< Connection: close
<
But this one: 但是这个:
curl -H "Origin: http://www.microsoft.com" --verbose "http://localhost:8080/alfresco/service/api/whatever"
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /alfresco/service/api/whatever HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://www.microsoft.com
>
< HTTP/1.1 404 Not Found
< Server: Apache-Coyote/1.1
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: http://www.microsoft.com
< Vary: Origin
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
< Content-Type: text/html;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Thu, 13 Aug 2015 12:52:15 GMT
<
I also tried the CORS filter of Tomcat instead, same result. 我也尝试了Tomcat的CORS过滤器,结果相同。
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Questions: 问题:
(1) Am I missing something on the client/AngularJS $http side? (1)我在客户端/ AngularJS $ http端缺少什么吗? Should I use a angular-http-interceptor?
我应该使用angular-http-interceptor吗? (Sorry, pretty new to AngularJS).
(对不起,AngularJS还很新)。 I think that this is most probably the reason here, but not sure what's missing.
我认为这很可能是这里的原因,但不能确定缺少的原因。
(2) I don't see why the CORS filter would not add the 'Access-Control-Allow-Origin' header to both responses but only to the one API call, since both API urls start with /alfresco/service, which should be handled by the CORS filter as per <url-pattern>/service/*</url-pattern>
(2)我看不到CORS过滤器为什么不将'Access-Control-Allow-Origin'标头添加到两个响应,而仅添加到一个API调用,因为两个API网址均以/ alfresco / service开头,因此根据
<url-pattern>/service/*</url-pattern>
由CORS过滤器处理
(And why does it work for one API url, but for the other it does not? Only difference I see is that in one case, I am already authenticated and use an alf_ticket, in the other case I am not. But even if I add an (unnecessary) alf_ticket to the login call, it does not make any difference.) (为什么它对一个API网址有效,但对另一个API无效?我唯一的区别是,在一种情况下,我已经通过身份验证并使用了alf_ticket,在另一种情况下我没有通过。但是即使我在登录调用中添加一个(不必要的)alf_ticket,这没有任何区别。)
(3) Why does it work in IE then at all? (3)那么为什么它根本不能在IE中工作? (by the way: with the Chrome extension https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi it also works in Chrome.)
(顺便说一句:使用Chrome扩展程序https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi,它也可以在Chrome浏览器中使用。)
Related SO question: cross domain call using REST Alfresco 相关的SO问题: 使用REST Alfresco进行跨域调用
I have the same issue, for some reason the login api "GET" call does not return "Access-Control-Allow-Origin" in the headers. 我有同样的问题,由于某种原因,登录api“ GET”调用在标题中未返回“ Access-Control-Allow-Origin”。 WORKAROUND: The "POST" call works fine!
解决方法:“ POST”调用可以正常工作!
I faced similar issue and got it resolved by using "/alfresco/s/" instead of "/alfresco/service/". 我遇到了类似的问题,并通过使用“ / alfresco / s /”而不是“ / alfresco / service /”解决了该问题。
In your case, try hitting using 在您的情况下,请尝试使用
http://localhost:8080/alfresco/s/api/login?u=admin&pw=admin . http:// localhost:8080 / alfresco / s / api / login?u = admin&pw = admin 。
Try if this works. 尝试是否可行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.