stackoom
  简体   繁体   中英

CORS Policy won't work, because all response headers are set, but still getting this error

 原文  2019-12-09 13:35:00       java/ servlets

Question

I trie to get a response from my POST Method in my Servlet java class. I trie to set all headers , but i got always the error :

Access to XMLHttpRequest at 'XXX' from origin ' http://localhost:8080 ' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Here are my headers:

@WebServlet(asyncSupported = true,urlPatterns = {"/Mitarbeiter_Einzel_Update"})
public class Mitarbeiter_Einzel_Update extends HttpServlet {
private static final long serialVersionUID = 1L;

public Mitarbeiter_Einzel_Update() {
    super();
}

@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    doPost(req, resp);
}

@Override
 public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {



    response.setContentType("application/json");
    response.setCharacterEncoding("UTF-8");
    response.addHeader("Access-Control-Allow-Origin", "http://localhost:8080");
    response.addHeader("Access-Control-Allow-Headers", "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");
    response.addHeader("Access-Control-Max-Age", "1728000");
    response.addHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE");

  [...]

  }

}

1 answers

solution1
 0 ACCPTED  2019-12-09 14:05:33

You should create servlet Filter to check if the request Method is "OPTIONS"

    import javax.servlet.Filter;

    public class CorsFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest req  = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        resp.setHeader("Access-Control-Allow-Origin", "http://localhost:8080");
        //resp.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
        resp.setHeader("Access-Control-Allow-Credentials", "true");

        if("OPTIONS".equals(req.getMethod())) {
            resp.setHeader("Access-Control-Allow-Methods", req.getHeader("Access-Control-Request-Method"));
            resp.setHeader("Access-Control-Allow-Headers", req.getHeader("Access-Control-Request-Headers"));
            resp.setHeader("Access-Control-Max-Age", "3600");

            resp.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void destroy() {
    }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Getting CORS policy error to delete an entry in Spring CORS policy: Cannot parse Access-Control-Allow-Headers response header field in preflight response Even if Cors Configuration is set on server side, I'm still blocked by CORS policy: CORS policy doesn't work for specific port. How to fix it? How to specify response headers to CORS? my deterministic turing machine won't work, because my equals and indexof method throw no source error How to set CORS headers into internal server error responses? GenericFilterBean response error doesn't work for all endpoints Server return CORS headers, browser still throwing Cross-Origin Request Blocked error Exception won't work for me because it say it's empty somehow
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM