[英]CORS issue POST request (403 Forbidden) of App Android generated with Sencha CMD 6.5
I am desperate. 我很绝望。 I am trying to generated a app Android (Front-end) with Sencha CMD 6.5 that send requests to Tomcat Server (Back-end). 我正在尝试使用Sencha CMD 6.5生成一个应用Android(前端),该应用将请求发送到Tomcat服务器(后端)。
The problem is the POST method , when App send the request in the header the "Origin" parameter is set to "file://" and the CORS of tomcat reject the request (Forbidden 403). 问题是POST方法,当App在标头中发送请求时,“ Origin”参数设置为“ file://”,并且tomcat的CORS拒绝了该请求(禁止403)。
HEADER 标题
Accept: */*
Accept-Encoding: gzip,deflate
Accept-Language: en-US;q=0.9
Connection: keep-aliv(e)
Content-Length: 39
Host: 192.168.1.91: 8080
Origin: file: //
Referer: -
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0(Linux;Android7.0;MI5Build/NRD90M;wv)AppleWebKit/537.36(KHTML,likeGecko)Version/4.0Chrome/64.0.3282.137MobileSafari/537.36
FILTER defined on tomcat 8.0 in web.xml 在web.xml中的tomcat 8.0上定义的过滤器
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Cache-Control,Content-Language,Expires,Last-Modified,Pragma,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
The funny thing is that with the GET method not set anything in the Origin parameter and the Tomcat CORS accepts it. 有趣的是,使用GET方法时,没有在Origin参数中设置任何内容,而Tomcat CORS接受它。
There are only two solutions: 只有两种解决方案:
1.- Set the parameter Origin of header (I did not find anything in any forum, like this, like senchaforum, etc.) 1.-设置参数标头的来源(我在任何论坛上都找不到任何内容,例如senchaforum等)
2.- Modify CORS Filter of TOMCAT 8. (I did not find anything in any forum, like this, like senchaforum, etc.) 2.-修改TOMCAT 8的CORS过滤器。(我在senchaforum之类的任何论坛中都找不到任何内容)
Please, can anybody help me? 拜托,有人可以帮我吗? Thanks in advanced 提前致谢
Daniel 丹尼尔
The solution is use ContainerResponseFilter, instead of filter of tomcat. 解决方案是使用ContainerResponseFilter,而不是tomcat的过滤器。
import javax.ws.rs.ext.Provider;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
@Provider
public class CORSResponseFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext creq, ContainerResponseContext cres) {
MultivaluedMap<String, Object> headers = cres.getHeaders();
headers.add("Access-Control-Allow-Origin", "*");
headers.add("Access-Control-Allow-Headers", "Cache-Control,Content-Language,Expires,Last-Modified,Pragma,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers");
headers.add("Access-Control-Allow-Credentials", "false");
headers.add("Access-Control-Allow-Methods", "GET,POST,HEAD,OPTIONS,PUT");
//headers.add("Access-Control-Max-Age", "10");
}
}
I already tried this, in case someone thinks it would have worked with original filter: 我已经尝试过了,以防有人认为它可以与原始过滤器一起使用:
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>false</param-value>
</init-param>
Welcome guys, I hope it help someone in the future. 欢迎大家,希望将来对您有所帮助。
Daniel 丹尼尔
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.