[英]CORS issue with website calling a REST API on https
I have a website running on https
.我有一个运行在https
上的网站。 I want this website to communicate with a REST Api service running on a AWS EC2 server.我希望此网站与运行在 AWS EC2 服务器上的 REST Api 服务通信。 This service is implemented with Spring Boot and the Controller class contains the @CrossOrigin
annotation with the origin website as a parameter.该服务是通过 Spring Boot 实现的,Controller class 包含@CrossOrigin
注解,以源站为参数。 However I am getting following error while doing a POST
request from the website with the service listening on port 443
with a self signed certificate:但是,在使用自签名证书侦听端口443
的服务从网站发出POST
请求时,我遇到以下错误:
Access to XMLHttpRequest at x from origin y has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
And following one while doing a GET
request:在执行GET
请求时跟随一个:
Access to XMLHttpRequest at x from origin y has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I also declared localhost
in the service @CrossOrigin
annotation.我还在服务@CrossOrigin
注释中声明了localhost
。
It is failing with same error as above if I have my service run on port 443
with a self signed certificate, but it is working fine if I have my service running on port 8080
without SSL.如果我的服务使用自签名证书在端口443
上运行,它会失败并出现与上述相同的错误,但如果我的服务在没有 SSL 的端口8080
上运行,它工作正常。
Do you know what I am doing wrong?你知道我做错了什么吗?
Also I guess that if I manage to solve the CORS
issue I will still have a problem, as my certificate is self signed.另外我想如果我设法解决CORS
问题我仍然会有问题,因为我的证书是自签名的。 How can I install a public certificate for a REST Api running in EC2 for example?例如,如何为在 EC2 中运行的 REST Api 安装公共证书?
Thanks!谢谢!
Add the config mentioned below to your spring-boot project.将下面提到的配置添加到您的 spring-boot 项目中。
@Configuration
public class CorsConfig {
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.