我在 Spring Boot 中使用以下配置设置 CORS,但浏览器显示好像我正在使用 * 而不是指定的 URL!
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(ImmutableList.of("http://localhost:4200"));
configuration.setAllowedMethods(ImmutableList.of("HEAD",
"GET", "POST", "PUT", "DELETE", "PATCH"));
configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type", "Access-Control-Allow-Origin"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
Spring Boot支持的更简单的方法是在控制器上设置@CrossOrigin注释。
示例:
@CrossOrigin(“http://localhost:4200”)
如果你使用Spring Security:
@EnableWebSecurity
public class WebSecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.cors().and()...
}
}
还有很多设置cors的方法,请关注这篇文章:https://www.baeldung.com/spring-cors