POST 请求时 Spring Boot 安全性和 CORS 的问题
[英]Problem with Spring Boot Security and CORS when it comes to POST requests
问题描述
I want to secure a REST service for personal use and used as a backed for an Angular app using method to method security like this.
我想保护 REST 服务以供个人使用,并用作 Angular 应用程序的支持,使用这种方法来方法安全。
@PreAuthorize("hasPermission(#id, 'Player', 'expenseReport.allowed')")
@GetMapping(value = "editplayer")
@CrossOrigin(origins = crossorg)
public Player getEditPlayerAuthorize(@RequestParam Long id){
return fetcher.fetchPlayer(id);
}
The @CrossOrigin annotation works perfectly where, but when I try the same on a POST request it fails because of CORS: @CrossOrigin 注释在哪里工作得很好,但是当我在 POST 请求上尝试相同的时候,它会因为 CORS 而失败:
@PostMapping(value = "login", produces = "application/json")
@CrossOrigin(origins = crossorg)
public Login attemptLogin(@RequestBody Login payload) {
return handler.attemptLogin(payload);
}
So I guess Spring Boot security is somehow interfering in this, but I see no solution why this should affect only POST requests?所以我猜 Spring Boot 安全性在某种程度上干扰了这一点,但我看不出为什么这应该只影响 POST 请求? They worked fine before I added Spring Boot Security.在我添加 Spring Boot Security 之前,它们运行良好。
1 个解决方案
解决方案1
1 2022-06-25 15:47:16
Add the proper url for @CrossOrigin?
为@CrossOrigin 添加正确的网址? (For eg. localhost url of front end). (例如,前端的 localhost url)。default enabled csrf may have to be disabled.
默认启用的 csrf 可能必须禁用。
refer this How to Solve 403 Error in Spring Boot Post Request请参阅此如何解决 Spring Boot Post 请求中的 403 错误
Request Experts to help resolve this.请求专家帮助解决这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.