堆栈内存溢出
  简体   繁体   English

CORS 尽管允许所有来源、所有方法和所有标头,但错误仍未修复

[英]CORS error is not fixed despite allowing all origins, all methods, and all headers

 原文  2022-11-04 16:39:27       java/ spring-boot/ cors/ access-control-allow-origin

问题描述

We used Java-Spring boot, and React - CRA.我们使用了 Java-Spring boot 和 React - CRA。 we deployed a server using AWS EC2 and a client using AWS S3.我们使用 AWS EC2 部署了服务器,使用 AWS S3 部署了客户端。

But the website does not work properly due to a CORS error.但是由于 CORS 错误,该网站无法正常工作。

Here is the error I see in my console:这是我在控制台中看到的错误:

GET http://ec2-13-125-208-244.ap-northeast-2.compute.amazonaws.com:8080/api/questions/1/answers.net::ERR_FAILED 200

We try.....我们尝试.....

< In Client > <在客户端>

we used 'http-proxy-middleware' in the development phase and put the server address deployed to EC2 using the .env.development/.env.production environment variable.我们在开发阶段使用了“http-proxy-middleware”,并使用.env.development/.env.production环境变量将服务器地址部署到 EC2。 (Put the EC2 server address in .env.production and an empty string ("") in .env.development to solve the local problem.) (将EC2服务器地址放在.env.production中,空字符串("")放在.env.development中,解决本地问题。)

Also, we are using axios and tried putting {withCredentials: true} in the request header此外,我们正在使用 axios 并尝试将 {withCredentials: true} 放入请求 header

Before using environment variables, set the baseUrl using an instance.在使用环境变量之前,使用实例设置 baseUrl。

const instance = axios.create({baseURL: '``https://http``://~~.s3-website.ap-northeast-2.amazonaws.com/'});

In 'localhost: 3000', it works fine.在“本地主机:3000”中,它工作正常。 But it doesn't work with a static website using Amazon S3.但它不适用于使用 Amazon S3 的 static 网站。

<In Sever> <在服务器>

We wrote code related to CORS like this, but it didn't work. CORS相关的代码我们是这样写的,但是不行。

@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList("*"));
    configuration.setAllowedMethods(Arrays.asList("GET","POST", "PATCH", "DELETE"));
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000", "http://pre-project-038-client.s3-website.ap-northeast-2.amazonaws.com/questions"));
    configuration.setAllowedMethods(Arrays.asList("GET","POST", "PATCH", "DELETE"));
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

I know it is vulnerable to security, but I wrote the following code to solve the CORS error in Java.我知道它存在安全漏洞,但是我写了下面的代码来解决 Java 中的 CORS 错误。

@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.addAllowedOrigins(Arrays.asList("*"));
    configuration.addAllowedMethods(Arrays.asList("*"));
    configuration.addAllowedHeader(Arrays.asList("*"));
    configuration.setAllowCredentials(true);
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

The response status is 200, but still, no data is loaded on the screen due to a CORS error.响应状态为 200,但由于 CORS 错误,屏幕上仍未加载任何数据。

What can we try on the client or server side?我们可以在客户端或服务器端尝试什么?

1 个解决方案

解决方案1
 0  2022-11-04 20:53:56

I had the same issue in my application, and my solution was configure it in the HttpSecurity.我在我的应用程序中遇到了同样的问题,我的解决方案是在 HttpSecurity 中配置它。 The code is:代码是:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {

        CorsConfiguration corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();
        corsConfiguration.addAllowedMethod("*");
        httpSecurity
            .authorizeRequests()
            .antMatchers("/**").permitAll()
            .anyRequest().permitAll()
            .and()
            .cors().configurationSource(request -> corsConfiguration)
            .and()
            .csrf().disable();
    }

}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 CORS 策略不起作用,因为所有响应标头都已设置,但仍然收到此错误 - CORS Policy won't work, because all response headers are set, but still getting this error HttpURLConnection没有返回所有标头 - HttpURLConnection is not returning all headers 获取类中的所有方法-容易出错 - Obtaining all the methods in a class — error prone SetTestProviderLocation错误...尽管所有参数都没有设置位置? - SetTestProviderLocation Error…Location not being set despite all parameters? 即使存在所有CORS标头,跨源资源共享问题 - Cross Origin Resource sharing issue even when all the CORS headers are present Jar 忽略所有方法 - Jar ignoring all methods ByteBuddy - 转换所有方法 - ByteBuddy - transform all methods 接口的所有方法都是抽象的吗? - Are all methods of interface abstract? 没有实现接口的所有方法 - Not implementing all the methods of an interface 包中所有方法的AOP - AOP for all methods in a package
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM