弹簧启动的CORS不在响应头中
[英]CORS for spring boot not in response header
问题描述
I tried implementing the GLOBAL CORS as suggested by this spring site for my spring boot Applications which gets deployed to Pivotal Cloud Foundry. 
我尝试按照该春季站点的建议为我的春季启动应用程序实施GLOBAL CORS,该应用程序已部署到Pivotal Cloud Foundry。
https://docs.spring.io/spring/docs/4.2.x/spring-framework-reference/html/cors.html https://docs.spring.io/spring/docs/4.2.x/spring-framework-reference/html/cors.html
However, when I send OPTIONS message to the service end point, The response does not return any CORS headers in it. 但是,当我向服务端点发送OPTIONS消息时,响应中不返回任何CORS标头。 So, application fails to make POST call after preflight. 因此,应用程序在预检后无法进行POST调用。 Here is my implementation. 这是我的实现。
@Configuration
@EnableWebMvc
public class CORSConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("*/**")
.allowedOrigins("*")
.allowedMethods("GET", "POST", "OPTIONS")
.allowedHeaders("Content-Type", "Authorization")
.allowCredentials(false).maxAge(3600);
}
}
Am i missing anything ? 我有什么想念的吗?
1 个解决方案
解决方案1
4 2018-02-13 19:17:32
Ok. 好。 I found where the problem was. 我找到了问题所在。 HTTP OPTIONS request alone does not constitute the pre-flight request. 单独的HTTP OPTIONS请求并不构成飞行前请求。 In order for OPTIONS to be considered pre-flight request, it needs 2 more request headers. 为了将OPTIONS视为飞行前请求,它还需要2个以上的请求标头。 one is Origin, which I added to the request. 一个是Origin,我已将其添加到请求中。 However, what i missed was on the Access-Control-Request-Method. 但是,我错过的是在访问控制请求方法上。 Pre-flight request generated by browsers would have all 3 http request headers in it. 浏览器生成的飞行前请求中将包含所有3个HTTP请求标头。 Once i added all 3 request headers, I saw my CORS headers coming back in the response. 添加所有3个请求标头后,我看到我的CORS标头又返回了响应。
Here is the sample code and response. 这是示例代码和响应。
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
@EnableWebMvc
public class CORSConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedMethods("POST")
.allowedHeaders("Content-Type", "Authorization")
.allowCredentials(false)
.maxAge(32400); // 9 hours max age
}
}
Here is the request : 这是请求:
OPTIONS /my-end-point HTTP/1.1
Host: my-app.my-domain.com
Origin: http://localhost:8090
Access-Control-Request-Method: POST
Cache-Control: no-cache
Postman-Token: bc7171bc-7f84-3b44-a304-818627411a72
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
Here is the response. 这是回应。
access-control-allow-methods →POST
access-control-allow-origin →*
access-control-max-age →32400
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.