[英]Liberty server.xml and CORS settings
在WebSphere Liberty上,我有一個在https:// localhost:9443 / context-root / objects上運行的后端。 它可以工作,我可以從瀏覽器或郵遞員測試我的REST API。
我用Visual Studio Code在Angular中編寫了一個Web UI。 當我嘗試使用CREST localhost:4200和REST API的UI http調用測試('> ng serve')時,出現錯誤:
沒有CORS設置的server.xml
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:4200' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
響應標題
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:origin, content-type, accept, authorization
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, HEAD
Access-Control-Allow-Origin:*
Access_Control_Max_Age:43200
Cache-Control:no-store, no-cache=set-cookie
Content-Length:284
Content-Type:application/json
具有CORS設置的server.xml
<cors domain="/context-root" allowedOrigins="http://localhost:4200" allowedMethods="GET, DELETE, POST, PUT" allowedHeaders="accept" allowCredentials="true" maxAge="3600" />
錯誤:
Failed to load https://localhost:9443/context-root/objects: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:4200, *', but only one is allowed. Origin 'http://localhost:4200' is therefore not allowed access.
響應頭:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:origin, content-type, accept, authorization
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, HEAD
Access-Control-Allow-Origin:http://localhost:4200
Access-Control-Allow-Origin:*
Access_Control_Max_Age:43200
我不確定為什么我在響應標頭中得到雙精度值,特別是為什么我得到2 allow-origin。 有沒有解決的辦法? 謝謝
從上面的評論到我的回答就是解決方案。
有一個ContainerResponseFilter類,可以通過編程方式始終添加CORS設置,無論它們是否在server.xml中設置。
結果,每個REST API調用在所有Response中都包含它們。
我刪除了過濾器類,從而解決了該問題。 謝謝 :-)
`
@Override
public void filter( ContainerRequestContext requestContext,
ContainerResponseContext responseContext )
throws IOException
{
final int ACCESS_CONTROL_MAX_AGE_IN_SECONDS = 12 * 60 * 60;
MultivaluedMap<String, Object> headers = responseContext.getHeaders();
headers.add( "Access-Control-Allow-Credentials", "true" );
headers.add( "Access-Control-Allow-Headers",
"origin, content-type, accept, authorization" );
headers.add( "Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, OPTIONS, HEAD" );
headers.add( "Access-Control-Allow-Origin", "*" );
headers.add( "Access_Control_Max_Age",
ACCESS_CONTROL_MAX_AGE_IN_SECONDS );
}
`
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.