[英]Getting error: 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed
I tried to make a connection between my Angular frontend and a REST Endpoint in Java / Spring (which I didn't developed and don't know so well). 通過 GET,一切正常。 通過 POST,我在終端收到消息
已被 CORS 策略阻止:對預檢請求的響應未通過訪問控制檢查:請求的資源上不存在“Access-Control-Allow-Origin”header。
並且,在開發工具的“網絡”選項卡中,OPTIONS 方法出現錯誤 403
Request Method: OPTIONS
Status Code: 403
Remote Address: xx.xx.xx.xx:xxxx
Referrer Policy: strict-origin-when-cross-origin
所以,我在互聯網上搜索了幾次后發現了這種情況,原因是 CORS 設置:通常,在這種情況下,在 POST 之前發送 OPTIONS 調用; 但是,由於 CORS,不允許調用 OPTIONS。 所以,我試圖在我的 controller 上設置這一行
@CrossOrigin(origins = "*", methods = {RequestMethod.OPTIONS, RequestMethod.GET, RequestMethod.POST, RequestMethod.PUT, RequestMethod.DELETE})
這次錯誤改變了
Multiple CORS header 'Access-Control-Allow-Origin' not allowed
But the code I added is the only similar to @CrossOrigin, I dind't found others similar.
因此,根據帖子CORS 問題 - No 'Access-Control-Allow-Origin' header is present on the requested resource ,我嘗試了以下解決方案:
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH");
}
}
和
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// http.csrf().disable();
http.cors();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(ImmutableList.of("*"));
configuration.setAllowedMethods(ImmutableList.of("HEAD",
"GET", "POST", "PUT", "DELETE", "PATCH"));
// setAllowCredentials(true) is important, otherwise:
// The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
configuration.setAllowCredentials(true);
// setAllowedHeaders is important! Without it, OPTIONS preflight request
// will fail with 403 Invalid CORS request
configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
但是這次我在控制台看到的錯誤變成了
已被 CORS 策略阻止:“Access-Control-Allow-Origin”header 包含多個值“*、*”,但只允許一個。
所以,這是我到達的最后一點。 如何解決關於多個值的最后一個錯誤? 每次我處理這個問題時,我都會提前一步,錯誤會發生變化,但它仍然存在。
只需將其添加到您的 WebSecurityConfigurerAdapter
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
/*@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH");
}*/ not needed
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// by default uses a Bean by the name of corsConfigurationSource
.cors(withDefaults())
...
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("https://localhost:5000"));// if your front end running on localhost:5000
configuration.setAllowedMethods(Arrays.asList("GET","POST"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
確保您沒有任何其他過濾器或注釋 cors 除了上面的代碼
如果您不使用 Spring 安全性:
package com.example.demo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@SpringBootApplication
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry
.addMapping("/**")
.allowedOrigins("*","http://localhost:5000");// list all domains
}
};
}
}
…上不存在“ Access-Control-Allow-Origin”標頭,因此不允許訪問源“ null”
[英]No 'Access-Control-Allow-Origin' header is present on … Origin 'null' is therefore not allowed access
所請求的資源上沒有“ Access-Control-Allow-Origin”標頭。 因此,不允許訪問來源“ xxx”
[英]No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'xxx' is therefore not allowed access
CORS 和錯誤以及 Access-Control-Allow-Origin 標頭問題
[英]Issue with CORS and error and Access-Control-Allow-Origin header
在請求的資源上沒有獲取“ Access-Control-Allow-Origin”標頭。 錯誤
[英]Getting No 'Access-Control-Allow-Origin' header is present on the requested resource. error
XHR錯誤:原始http://本地主機不允許使用Access-Control-Allow-Origin
[英]XHR Error : Origin http://localhost is not allowed by Access-Control-Allow-Origin
Spring Boot + Security:設置允許的來源時沒有Access-Control-Allow-Origin標頭
[英]Spring Boot + Security: No Access-Control-Allow-Origin header when setting allowed origins
在飛行前響應中,Access-Control-Allow-Headers不允許在Request標頭字段中使用cors enable Access-Control-Allow-Origin
[英]cors enable in Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response
請求的資源上沒有'Access-control-allow-origin'標頭,因此不允許訪問http:// localhost:4200
[英]NO 'Access-control-allow-origin' header is present on the requested resource.Origin http://localhost:4200 is therefore not allowed access
微服務架構:CORS 配置導致 Access Control Allow Origin header 包含多個值
[英]MicroService Architecture : CORS Configuration results in Access Control Allow Origin header contains multiple values
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.