[英]Web Client PUT request returns 403 but Postman request does not - Jersey REST API on Glassfish
I am writing a CRUD app using Jersey and Glassfish 4.0 with a React.js front end.我正在使用带有 React.js 前端的 Jersey 和 Glassfish 4.0 编写 CRUD 应用程序。 My application class:
我的应用类:
@ApplicationPath("API")
public class AppServ extends Application
{
@Override
public Set<Class<?>> getClasses()
{
Set<Class<?>> classes = new HashSet<>();
classes.add(RestRoot.class);
classes.add(JacksonFeature.class);
return classes;
}
@Override
public Set<Object> getSingletons()
{
Set<Object> out = new HashSet<>();
out.add(new CorsFilter());
return out;
}
}
My CORS Filter:我的 CORS 过滤器:
@Provider
@Priority(Priorities.HEADER_DECORATOR)
public class CorsFilter implements ContainerResponseFilter
{
@Override
public void filter(ContainerRequestContext requestContext,
ContainerResponseContext responseContext) throws IOException
{
responseContext.getHeaders().add(
"Access-Control-Allow-Origin", "*");
responseContext.getHeaders().add(
"Access-Control-Allow-Credentials", "true");
responseContext.getHeaders().add(
"Access-Control-Allow-Headers",
"origin, content-type, accept, authorization, cookie");
responseContext.getHeaders().add(
"Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, OPTIONS, HEAD");
}
}
The fetch executed by my front end:我的前端执行的提取:
fetch("MY_SERVER_IP:8080/FitAppBackend/API/food", {
method: 'PUT',
credentials: 'include',
headers: {
'Accept': '*/*',
'Content-Type': 'application/json',
'User-Agent': ''
},
body: JSON.stringify({
name: this.state.fName,
cals: this.state.cals,
prot: this.state.prot,
carbs: this.state.carbs,
fat: this.state.fat
})
});
When I test the API with Postman, I get a 204 response, but the above fetch gives me a 403. My suspicion is that it has something to do with my CORS Filter, or the fact that a G_ENABLED_IDPS=google cookie is sent with the PUT by my browser.当我用 Postman 测试 API 时,我得到 204 响应,但上面的获取给了我 403。我怀疑它与我的 CORS 过滤器有关,或者 G_ENABLED_IDPS=google cookie 与由我的浏览器放置。 Any help would be greatly appreciated;
任何帮助将不胜感激; I've been trying to fix this for hours.
我一直试图解决这个问题几个小时。
The purpose of the Access-Control-Allow-Headers
response header is to tell the browser which request headers are allowed for requests. Access-Control-Allow-Headers
响应头的目的是告诉浏览器允许请求的请求头。 The list you have is as follows: origin, content-type, accept, authorization, cookie
.您拥有的列表如下:
origin, content-type, accept, authorization, cookie
。 But in your request you are trying to set the User-Agent
header.但是在您的请求中,您试图设置
User-Agent
标头。 If you remove the header or add it to the list, it should work.如果您删除标题或将其添加到列表中,它应该可以工作。
See also:也可以看看:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.