在RestAngular請求中發送Cookie

Question

我有一個Restangular.getAll函數，

當我將其稱為cookie時，API請求中不包含cookie，這與獲得HTML請求的人不同。

如果我強迫：

Restangular.setDefaultHeaders({ Cookie: function() { return "foo " + $cookies.get('foo'); } })

錯誤是：

Refused to set unsafe header "Cookie"

如果我添加到app.config中：

RestangularProvider.setDefaultHttpFields({
    withCredentials: true
});

錯誤是：

XMLHttpRequest cannot load [*link*] A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true.
 Origin [*host*] is therefore not allowed access. 
The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.

請注意， 主機和鏈接是頁面鏈接和主機鏈接的縮寫。

編輯：我在春季的CORSFilter：

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CORSFilter implements Filter {

    public CORSFilter() {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, content-type");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, res);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }

}

Answer 1

您的服務器必須返回Access-Control-Allow-Origin的特定內容：您可以在其中提供webapp主機URL，或動態復制原始信息（出於開發目的）。

注意：其服務器端修復