[英]Enable CORS on Tomcat 8.0.30
感謝任何幫助。
我在新部署的Tomcat 8.0.30上遇到了CORS的問題。 我不斷收到以下錯誤。 我使用127.0.0.1作為API服務器地址,而192.168.1.100是我的HTTP服務器的地址。
所請求的資源上沒有“ Access-Control-Allow-Origin”標頭。 因此,不允許訪問來源“ _http://192.168.1.100:8999”。 響應的HTTP狀態碼為403。
通讀整個Tomcat文檔,在tomcat web.xml和項目web.xml下添加了cors過濾器,但是這里沒有發生任何魔術,仍然出現相同的錯誤。 嘗試最小和高級的初始化參數,相同的錯誤。
我正在使用Spring 4作為我的其余API框架。 需要在項目編碼部分進行更多配置嗎?
這是我到目前為止已完成的步驟:
有什么建議么?
將我嘗試將cors.allowed.origins更改為*的web.xml配置添加為127.0.0.1,192.168.1.100,所有這些都無法正常工作,刪除憑據和最大容量
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://192.168.1.100</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
由Vishal建議,將tomcat版本從8.0更改為8.5,仍然是同一問題
XMLHttpRequest cannot load http://127.0.0.1:8080/leyutech-framework-gurunwanfeng/api/ad/getAdInfoByAdType.html?adType=0. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.1.100:8080' is therefore not allowed access. The response had HTTP status code 403.
我曾經遇到此問題,並為Jetty Web應用程序開發了自定義處理程序。
也許可以幫到您。
CORSHandler.hava
import java.io.IOException;
import org.eclipse.jetty.server.handler.HandlerWrapper;
import org.eclipse.jetty.server.Request;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class CORSHandler extends HandlerWrapper {
public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
public CORSHandler() {
super();
}
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
{
// Allow Cross-site HTTP requests (CORS)
response.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, "*");
// Accept Content-Type in header
response.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, "content-type");
// Accept GET, POST, PUT and DELETE methods
response.addHeader(ACCESS_CONTROL_ALLOW_METHODS, "GET,POST,PUT,DELETE");
if (_handler!=null && isStarted())
{
_handler.handle(target,baseRequest, request, response);
}
}
}
Starter.java
import java.io.IOException;
import java.util.logging.Logger;
import java.util.logging.FileHandler;
import java.util.logging.Level;
import java.util.logging.SimpleFormatter;
import org.apache.cxf.transport.servlet.CXFServlet;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.springframework.web.context.ContextLoaderListener;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import org.eclipse.jetty.server.handler.HandlerWrapper;
import com.example.config.AppConfig;
import com.example.handlers.CORSHandler;
import com.example.properties.*;
public class Starter {
public static void main( final String[] args ) throws Exception {
Server server = new Server( 8080 );
// Register and map the dispatcher servlet
final ServletHolder servletHolder = new ServletHolder( new CXFServlet() );
HandlerWrapper wrapper = new CORSHandler();
final ServletContextHandler context = new ServletContextHandler();
context.setContextPath( "/" );
context.addServlet( servletHolder, "/rest/*" );
context.addEventListener( new ContextLoaderListener() );
context.setInitParameter( "contextClass", AnnotationConfigWebApplicationContext.class.getName() );
context.setInitParameter( "contextConfigLocation", AppConfig.class.getName() );
wrapper.setHandler(context);
server.setHandler(wrapper);
server.start();
server.join();
}
}
我使用自定義過濾器來解決此問題,我不知道為什么在我的情況下不能使用正式的tomcat cors過濾器,任何人都可以提出其背后的邏輯,我願意嘗試一下。
該代碼是從上面的鏈接修改的。
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
public class SimpleCORSFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
}
public void destroy() {
// TODO Auto-generated method stub
}
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
}
當前項目下的web.xml配置
<filter>
<filter-name>SimpleCORSFilter</filter-name>
<filter-class>com.example.util.SimpleCORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SimpleCORSFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.