[英]Reason: CORS header ‘Access-Control-Allow-Origin’ missing even though explictly specificed in java resource
I am testing my backend (Java using Jersey on tomcat server) and frontend (Angular 4 using webpack to serve) on two different ports, thus I am getting a cors access control origin block. 我正在两个不同的端口上测试我的后端(在tomcat服务器上使用Jersey的Java)和前端(使用webpack进行服务的Angular 4),因此我得到了一个cors访问控制源模块。 For my get methods everything works fine and any data requested is found on the UI. 对于我的get方法,一切正常,可以在UI上找到任何请求的数据。 Now I am testing my POST method and I keep getting the same message in the title. 现在,我正在测试POST方法,并且标题中始终出现相同的消息。
My post method should persist the data sent to it and return a response with the location of the new persisted entity. 我的post方法应该持久保存发送给它的数据,并返回带有新持久实体位置的响应。
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response persistAccountLocation(AccountLocation entity) throws URISyntaxException {
accountLocationService.persist(entity);
JsonObject object = Json.createObjectBuilder()
.add("location", "api/v1/accounts_locations/"+entity.getLocation_id()).build();
return Response.status(Response.Status.CREATED)// 201
.entity("Location created")
.header("Access-Control-Allow-Origin","*")
.header("Access-Control-Allow-Methods", "POST,GET,PUT,DELETE")
.allow("OPTIONS")
.entity(object.toString()).build();
}
In my network tab in firefox browser I only see OPTIONS with 200 status 在Firefox浏览器的“网络”标签中,我只能看到状态为200的选项
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: access-control-allow-origin,content-type
Origin: http://localhost:4200
Connection: keep-alive
but after that the post is never happens. 但是在那之后,这个帖子就永远不会发生。 I am assuming CORS blocks it at that point. 我假设那时CORS阻止了它。 Is there somewhere else I should be allowing access control besides the resource class? 除了资源类之外,我还应该允许访问控制吗? I have read that typical all CORS configuration is done on server side. 我已经读到典型的所有CORS配置都是在服务器端完成的。 Totally lost. 完全迷失了。 Any feedback appreciated 任何反馈表示赞赏
EDIT 编辑
public class CORSResponseFilter
implements ContainerResponseFilter {
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
throws IOException {
MultivaluedMap<String, Object> headers = responseContext.getHeaders();
headers.add("Access-Control-Allow-Origin", "*");
headers.add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS");
headers.add("Access-Control-Allow-Headers", "X-Requested-With, Content-Type,");
}
}
I have made aa filter with slight adjustments and registered it to my app 我对滤镜做了些微调整,然后将其注册到我的应用中
public class JaxRsApplication extends ResourceConfig{
public JaxRsApplication() {
// register application resources - unmapped resources will throw exception
register(AccountLocationResource.class);
register(CORSResponseFilter.class);
}
Quite a good answer is provided in How to handle CORS using JAX-RS with Jersey stackoverflow question. 如何使用带有Jersey堆栈溢出问题的JAX-RS处理CORS提供了很好的答案。
You have given a link to Jersey 1, but please make sure what version you are using. 您提供了指向Jersey 1的链接,但请确保使用的是哪个版本。
This way you will not have to write 这样您就不必写
.header("Access-Control-Allow-Origin","*")
.header("Access-Control-Allow-Methods", "POST,GET,PUT,DELETE")
.allow("OPTIONS")
for every request. 对于每个请求。 Filter will apply the options for you. 过滤器将为您应用选项。
One more thing I have noticed 我注意到的另一件事
return Response.status(Response.Status.CREATED)// 201
.entity("Location created") // <- entity() call here
.header("Access-Control-Allow-Origin","*")
.header("Access-Control-Allow-Methods", "POST,GET,PUT,DELETE")
.allow("OPTIONS")
.entity(object.toString()).build(); // <- one more entity() call here (not sure what effect it may have)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.