带有CORS的Spring Boot HTTPS,Angular 5将所有请求加倍
[英]Spring Boot HTTPS with CORS, Angular 5 double all requests
问题描述
a have a Spring boot(v5) with embeded tomcat REST API for my small Angular 5 website, and this REST API is on https protocol, so I need to enable cors origin to let my website communicate with REST API. 
一个适用于我的小型Angular 5网站的Spring boot(v5) with embeded tomcat REST API的Spring boot(v5) with embeded tomcat ,并且该REST API基于https协议,因此我需要启用cors origin以使我的网站与REST API通信。 How do I did that: 我该怎么做:
@SpringBootApplication
public class AdminPanelApplication {
public static void main(String[] args) {
SpringApplication.run(AdminPanelApplication.class, args);
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowCredentials(true)
.allowedOrigins("*")
.allowedMethods("*")
.allowedHeaders("*");
}
};
}
}
But with this cors origin , my website started to sent 2 requests for all requests, first is OPTION request, second is real one(get,post etc). 但是由于这个cors origin ,我的网站开始对所有请求发送2个请求,第一个是OPTION请求,第二个是真实请求(get,post等)。
I assume this is bad, at least for load to the server(instead of sending one request, I'm always send two(even tho first is very light weight option request), I don't see this behavior on any website(for example stackoverflow :) ) 我认为这是坏事,至少对于负载的服务器(而不是发送一个请求,我总是发送两个(甚至寿第一重量很轻option要求),我没有看到任何网站上这种行为(示例stackoverflow :))
Example: 例:
So I assume I'm doing something wrong, so how to set up cors origin(or something else maybe), in right way? 因此,我假设我做错了什么,那么如何以正确的方式设置cors的原点(或其他方法)?
4 个解决方案
解决方案1
0 2018-04-25 10:40:29
This is normal and its not your code, Its browser. 这是正常现象,不是您的代码,而是浏览器。
The first PREFLIGHT request is send as OPTIONS to check the headers only and to avoid side effects of sending first request as GET or POST. 第一个PREFLIGHT请求作为OPTIONS发送,以仅检查标头,并避免将第一个请求作为GET或POST发送的副作用。
CORS is mainly implemented to bring security to browsers using the response headers. CORS的主要目的是使用响应标头为浏览器带来安全性。 Suppose, you are sending data to some cross domain server and the server doesn't have the appropriate headers but, as your request is GET or POST a valid request the server will process request normally while browser will show CORS error due to absence of headers. 假设您正在将数据发送到某个跨域服务器,并且服务器没有适当的标头,但是由于您的请求是GET或POST,因此有效请求将使服务器正常处理请求,而浏览器将由于缺少标头而显示CORS错误。
As a safeguard to this situation a preflight request is made as OPTIONS to check the response headers server send before making the original request. 为了保护这种情况,在发出原始请求之前,会发出预检请求作为选项,以检查服务器发送的响应头。 If server dosen't sent proper headers the browser will not make original request. 如果服务器未发送正确的标头,则浏览器将不会发出原始请求。
解决方案2
0 2018-04-25 10:43:14
You are not doing anything wrong. 您没有做错任何事。 The first OPTION request is Preflight request automatically issued by the browser. 第一个OPTION请求是浏览器自动发出的预检请求 。 It checks if the server actually allows request from the origin,method etc. You can set max age, CorsConfiguration.setMaxAge , which tell browser to cache Preflight response for certain period. 它检查服务器是否实际上允许来自来源,方法等的请求。您可以设置最大期限CorsConfiguration.setMaxAge ,该值告诉浏览器在一定时间内缓存Preflight响应。
解决方案3
0 2018-04-25 10:47:39
First request is type OPTIONS, it's normal. 第一个请求是OPTIONS类型,这很正常。 The HTTP OPTIONS method is used to describe the communication options for the target resource. HTTP OPTIONS方法用于描述目标资源的通信选项。
Read more about it here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS 在此处了解更多信息: https : //developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
解决方案4
0 2018-04-25 15:59:26
I don't think you are doing anything wrong, it is normal. 我认为您没有做错任何事情,这很正常。 If you are sending any custom headers besides headers that are automatically sent, browser makes the OPTION request first to be safer. 如果要发送除自动发送的标头之外的任何自定义标头,浏览器会首先发出OPTION请求,以确保安全。
Preflighted requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.