如何在 WSO2IS 5.10.0 中允许 CORS 访问
[英]How to allow CORS access in WSO2IS 5.10.0
问题描述
I need to access my identity server from a different domain, I am using REST endpoints provided by the WSO2IS for login, signup, user info, etc.
我需要从不同的域访问我的身份服务器,我正在使用 WSO2IS 提供的 REST 端点进行登录、注册、用户信息等。
I have tried the following configuration without any success:我尝试了以下配置但没有成功:
- https://docs.wso2.com/display/IS530/Invoking+an+Endpoint+from+a+Different+Domain https://docs.wso2.com/display/IS530/Invoking+an+Endpoint+from+a+Different+Domain
- http://hasanthipurnima.blogspot.com/2016/05/applying-cors-filter-to-wso2-identity.html http://hasanthipurnima.blogspot.com/2016/05/applying-cors-filter-to-wso2-identity.html
- CORS blocked in wso2 identity server CORS 在 wso2 身份服务器中被阻止
1 个解决方案
解决方案1
2 已采纳 2020-04-24 16:56:53
Add the below config to <IS-HOME>/repository/resources/conf/templates/repository/conf/tomcat/web.xml.j2 in WSO2 Identity Server distribution pack.将以下配置添加到 WSO2 Identity Server 分发包中的<IS-HOME>/repository/resources/conf/templates/repository/conf/tomcat/web.xml.j2 。
Note that below is a sample taken from https://github.com/wso2/identity-apps#run-in-dev-mode .请注意,下面是取自https://github.com/wso2/identity-apps#run-in-dev-mode的示例。 This should work for you as well.这也应该对你有用。
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>https://localhost:9000, https://localhost:9001</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, DELETE, OPTIONS, PATCH, PUT</param-value>
</init-param>
<init-param>
<param-name>cors.exposedHeaders</param-name>
<param-value>Location</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
In the above for param-value of <param-name>cors.allowOrigin</param-name> Add the hosts you want to allow CORS(You can add multiple Comma-separated or Whitespace-separated values).在上面为<param-name>cors.allowOrigin</param-name>的param-value添加要允许 CORS 的主机(您可以添加多个逗号分隔或空格分隔的值)。 If the host has a port, that should be included as well.如果主机有一个端口,那也应该包括在内。 Ideally it should be in the format <protocol>://<host>:<port> .理想情况下,它的格式应该是<protocol>://<host>:<port> 。
Also in the above for param-value of <param-name>cors.supportedMethods</param-name> .同样在上面的<param-name>cors.supportedMethods</param-name>的param-value 。 Add the HTTP methods you will need (You will always need the OPTIONS method as that is the one used for the CORS check).添加您需要的 HTTP 方法(您将始终需要 OPTIONS 方法,因为这是用于 CORS 检查的方法)。
You can configure the URLs to allow CORS using the <url-pattern> config.您可以使用<url-pattern>配置将 URL 配置为允许 CORS。 <url-pattern>/*</url-pattern> means CORS is allowed for all URLs of the Identity Server. <url-pattern>/*</url-pattern>表示身份服务器的所有 URL 都允许使用 CORS。
For more info on the CORS filter configurations refer: http://software.dzhuvinov.com/cors-filter-configuration.html有关 CORS 过滤器配置的更多信息,请参阅: http://software.dzhuvinov.com/cors-filter-configuration.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.