Liberty server.xml和CORS設置

Question

在WebSphere Liberty上，我有一個在https：// localhost：9443 / context-root / objects上運行的后端。 它可以工作，我可以從瀏覽器或郵遞員測試我的REST API。

我用Visual Studio Code在Angular中編寫了一個Web UI。 當我嘗試使用CREST localhost：4200和REST API的UI http調用測試（'> ng serve'）時，出現錯誤：

1. 沒有CORS設置的server.xml
   

    The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:4200' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. 

響應標題

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:origin, content-type, accept, authorization 
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, HEAD
Access-Control-Allow-Origin:*
Access_Control_Max_Age:43200
Cache-Control:no-store, no-cache=set-cookie
Content-Length:284
Content-Type:application/json

2. 具有CORS設置的server.xml

    <cors domain="/context-root" allowedOrigins="http://localhost:4200" allowedMethods="GET, DELETE, POST, PUT" allowedHeaders="accept" allowCredentials="true" maxAge="3600" /> 

錯誤：

Failed to load https://localhost:9443/context-root/objects: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:4200, *', but only one is allowed. Origin 'http://localhost:4200' is therefore not allowed access.

響應頭：

Access-Control-Allow-Credentials:true
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:origin, content-type, accept, authorization
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, HEAD
Access-Control-Allow-Origin:http://localhost:4200
Access-Control-Allow-Origin:*
Access_Control_Max_Age:43200 

我不確定為什么我在響應標頭中得到雙精度值，特別是為什么我得到2 allow-origin。 有沒有解決的辦法？ 謝謝

Answer 1

從上面的評論到我的回答就是解決方案。
有一個ContainerResponseFilter類，可以通過編程方式始終添加CORS設置，無論它們是否在server.xml中設置。
結果，每個REST API調用在所有Response中都包含它們。
我刪除了過濾器類，從而解決了該問題。 謝謝 ：-）

`

@Override
   public void filter( ContainerRequestContext requestContext,
         ContainerResponseContext responseContext )
         throws IOException
   {
      final int ACCESS_CONTROL_MAX_AGE_IN_SECONDS = 12 * 60 * 60;
      MultivaluedMap<String, Object> headers = responseContext.getHeaders();
      headers.add( "Access-Control-Allow-Credentials", "true" );
      headers.add( "Access-Control-Allow-Headers",
            "origin, content-type, accept, authorization" );
      headers.add( "Access-Control-Allow-Methods",
            "GET, POST, PUT, DELETE, OPTIONS, HEAD" );
      headers.add( "Access-Control-Allow-Origin", "*" );
      headers.add( "Access_Control_Max_Age",
            ACCESS_CONTROL_MAX_AGE_IN_SECONDS );
   }

`