![](/img/trans.png)
[英]AngularJS CORS issue in Chrome - No 'Access-Control-Allow-Origin' header is present on the requested resource
[英]AngularJS / Alfresco / CORS filter issue: No 'Access-Control-Allow-Origin' header
我的Alfresco(5.0.d) ,我的AngularJS(1.4.3)客戶端和CORS設置存在一些問題(典型的跨域/請求的資源問題上沒有No'Access-Control-Allow-Origin'標頭 )。
我正在從在localhost: 3000上運行的AngularJS應用程序調用Alfresco REST API,到在localhost: 8080上運行的Alfresco實例(Tomcat,前面沒有反向代理)。
這個XHR調用工作正常:
這個
僅在Internet Explorer 11中可以正常工作,但是在Chrome和Firefox中 ,我得到的狀態碼200的返回值為0字節,並且JS控制台中出現錯誤:
XMLHttpRequest無法加載http:// localhost:8080 / alfresco / service / api / login?u = admin&pw = admin 。 所請求的資源上沒有“ Access-Control-Allow-Origin”標頭。 因此,不允許訪問源' http:// localhost:3000 '。
在Alfresco web.xml中,我啟用了CORS過濾器,如下所示:
<!-- CORS Filter Mappings Begin -->
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/api/*</url-pattern>
<url-pattern>/service/*</url-pattern>
<url-pattern>/s/*</url-pattern>
<url-pattern>/cmisbrowser/*</url-pattern>
</filter-mapping>
<!-- CORS Filter Mappings End -->
<!-- CORS Filter Begin -->
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowOrigin</param-name>
<!-- <param-value>http://localhost:3000 http://localhost:8081 http://localhost:8080 https://localhost</param-value> -->
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowSubdomains</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>origin, authorization, x-file-size, x-file-name, content-type, accept, x-file-type</param-value>
</init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.maxAge</param-name>
<param-value>3600</param-value>
</init-param>
</filter>-->
<!-- CORS Filter End -->
來自Angular的調用:
一個工作正常:
$http.get('http://localhost:8080/alfresco/service/slingshot/live-search-docs?t=Project&alf_ticket=TICKET_9d9780c83b8b9525c7acb9d3d8da66c5c902fb76').then(function(response) {
console.log('DATA LOADED: ' + response.items);
$scope.contents = response.items;
});
響應頭:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Content-Type: application/json;charset=UTF-8
Content-Length: 85
Date: Thu, 13 Aug 2015 06:37:24 GMT
失敗的那一個:
$http.get('http://localhost:8080/alfresco/service/api/login?u=' + $scope.user.email + '&pw=' + $scope.user.password).
then(function(response) {
console.log('ALF_TICKET: ' + response.data.ticket);
$scope.alfTicket = response.data.ticket;
$state.go('admin-panel.default.introduction');
}, function(response) {
console.log('LOGIN FAILED');
});
響應頭:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:3000
Vary: Origin
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 13 Aug 2015 06:38:36 GMT
我必須在AngularJS應用中配置$ httpProvider ,以確保:
.config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
}
盡管從Alfresco中啟用了CORS過濾器,但是從另一台主機模擬的CURL請求也 可以正常工作 ,但是有趣的是,我沒有在響應中返回Access-Control-Allow-Origin
標頭:
curl -H "Origin: http://www.microsoft.com" --verbose "http://alfresco.mycompany.ch:8080/alfresco/service/api/login?u=admin&pw=12@echo"
* Hostname was NOT found in DNS cache
* Trying 10.10.0.183...
* Connected to alfresco.mycompany.ch (10.10.0.183) port 8080 (#0)
> GET /alfresco/service/api/login?u=admin&pw=12@echo HTTP/1.1
> User-Agent: curl/7.37.1
> Host: alfresco.mycompany.ch:8080
> Accept: */*
> Origin: http://www.microsoft.com
>
< HTTP/1.1 200 OK
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
< Content-Type: application/json;charset=UTF-8
< Content-Length: 85
< Date: Thu, 13 Aug 2015 08:11:15 GMT
<
{
"data":
{
"ticket":"TICKET_7d07634afbb25a7e823c0348d907e0790eeff97e"
}
}
* Connection #0 to host alfresco.mycompany.ch left intact
因此,我認為這與client / AngularJS有關。
===更新1:===
我試圖將攔截器添加到$ httpProvider中,如下所示,但這無濟於事。 盡管攔截器被調用,但在任何響應中都沒有看到我設置的標題。
$httpProvider.interceptors.push(function() {
return {
'request': function(request) {
return request;
},
'response': function(response) {
console.log('Interceptor called.');
response.config.headers['MyTestHeader'] = '12345';
response.config.headers['Access-Control-Allow-Origin'] = '*';
return response;
}
};
});
===更新2:===
還有更多發現,但在Alfresco方面有些奇怪。 我正在對以下兩個URL進行兩個幾乎相似的API調用:
您可以看到,它們僅在末尾有所不同。 帶有/whatever
那個返回一個Access-Control-Allow-Origin
響應頭,帶有/login
那個不返回。 它必須與Alfresco config / webscript有關,但是我還沒有找到它的起源。
curl -H "Origin: http://www.microsoft.com" --verbose "http://localhost:8080/alfresco/service/api/login"
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /alfresco/service/api/login HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://www.microsoft.com
>
< HTTP/1.1 400 Bad Request
< Server: Apache-Coyote/1.1
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Thu, 13 Aug 2015 12:49:46 GMT
< Connection: close
<
但是這個:
curl -H "Origin: http://www.microsoft.com" --verbose "http://localhost:8080/alfresco/service/api/whatever"
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /alfresco/service/api/whatever HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://www.microsoft.com
>
< HTTP/1.1 404 Not Found
< Server: Apache-Coyote/1.1
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: http://www.microsoft.com
< Vary: Origin
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
< Content-Type: text/html;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Thu, 13 Aug 2015 12:52:15 GMT
<
我也嘗試了Tomcat的CORS過濾器,結果相同。
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
問題:
(1)我在客戶端/ AngularJS $ http端缺少什么嗎? 我應該使用angular-http-interceptor嗎? (對不起,AngularJS還很新)。 我認為這很可能是這里的原因,但不能確定缺少的原因。
(2)我看不到CORS過濾器為什么不將'Access-Control-Allow-Origin'標頭添加到兩個響應,而僅添加到一個API調用,因為兩個API網址均以/ alfresco / service開頭,因此根據<url-pattern>/service/*</url-pattern>
由CORS過濾器處理
(為什么它對一個API網址有效,但對另一個API無效?我唯一的區別是,在一種情況下,我已經通過身份驗證並使用了alf_ticket,在另一種情況下我沒有通過。但是即使我在登錄調用中添加一個(不必要的)alf_ticket,這沒有任何區別。)
(3)那么為什么它根本不能在IE中工作? (順便說一句:使用Chrome擴展程序https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi,它也可以在Chrome瀏覽器中使用。)
相關的SO問題: 使用REST Alfresco進行跨域調用
我有同樣的問題,由於某種原因,登錄api“ GET”調用在標題中未返回“ Access-Control-Allow-Origin”。 解決方法:“ POST”調用可以正常工作!
我遇到了類似的問題,並通過使用“ / alfresco / s /”而不是“ / alfresco / service /”解決了該問題。
在您的情況下,請嘗試使用
http:// localhost:8080 / alfresco / s / api / login?u = admin&pw = admin 。
嘗試是否可行。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.