[英]CORS error is not fixed despite allowing all origins, all methods, and all headers
We used Java-Spring boot, and React - CRA.我们使用了 Java-Spring boot 和 React - CRA。 we deployed a server using AWS EC2 and a client using AWS S3.
我们使用 AWS EC2 部署了服务器,使用 AWS S3 部署了客户端。
But the website does not work properly due to a CORS error.但是由于 CORS 错误,该网站无法正常工作。
Here is the error I see in my console:这是我在控制台中看到的错误:
GET http://ec2-13-125-208-244.ap-northeast-2.compute.amazonaws.com:8080/api/questions/1/answers.net::ERR_FAILED 200
We try.....我们尝试.....
< In Client > <在客户端>
we used 'http-proxy-middleware' in the development phase and put the server address deployed to EC2 using the .env.development/.env.production
environment variable.我们在开发阶段使用了“http-proxy-middleware”,并使用
.env.development/.env.production
环境变量将服务器地址部署到 EC2。 (Put the EC2 server address in .env.production
and an empty string ("") in .env.development
to solve the local problem.) (将EC2服务器地址放在
.env.production
中,空字符串("")放在.env.development
中,解决本地问题。)
Also, we are using axios and tried putting {withCredentials: true} in the request header此外,我们正在使用 axios 并尝试将 {withCredentials: true} 放入请求 header
Before using environment variables, set the baseUrl using an instance.在使用环境变量之前,使用实例设置 baseUrl。
const instance = axios.create({baseURL: '``https://http``://~~.s3-website.ap-northeast-2.amazonaws.com/'});
In 'localhost: 3000', it works fine.在“本地主机:3000”中,它工作正常。 But it doesn't work with a static website using Amazon S3.
但它不适用于使用 Amazon S3 的 static 网站。
<In Sever> <在服务器>
We wrote code related to CORS like this, but it didn't work. CORS相关的代码我们是这样写的,但是不行。
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("GET","POST", "PATCH", "DELETE"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000", "http://pre-project-038-client.s3-website.ap-northeast-2.amazonaws.com/questions"));
configuration.setAllowedMethods(Arrays.asList("GET","POST", "PATCH", "DELETE"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
I know it is vulnerable to security, but I wrote the following code to solve the CORS error in Java.我知道它存在安全漏洞,但是我写了下面的代码来解决 Java 中的 CORS 错误。
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.addAllowedOrigins(Arrays.asList("*"));
configuration.addAllowedMethods(Arrays.asList("*"));
configuration.addAllowedHeader(Arrays.asList("*"));
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
The response status is 200, but still, no data is loaded on the screen due to a CORS error.响应状态为 200,但由于 CORS 错误,屏幕上仍未加载任何数据。
What can we try on the client or server side?我们可以在客户端或服务器端尝试什么?
I had the same issue in my application, and my solution was configure it in the HttpSecurity.我在我的应用程序中遇到了同样的问题,我的解决方案是在 HttpSecurity 中配置它。 The code is:
代码是:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
CorsConfiguration corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();
corsConfiguration.addAllowedMethod("*");
httpSecurity
.authorizeRequests()
.antMatchers("/**").permitAll()
.anyRequest().permitAll()
.and()
.cors().configurationSource(request -> corsConfiguration)
.and()
.csrf().disable();
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.