我正在尝试调用spring的授权端点POST http://localhost:8080/oauth/token?grant_type=password
但我收到了以下CORS错误:
Access to XMLHttpRequest at 'http://localhost:8080/oauth/token?grant_type=password' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
我尝试通过spring的参考文档将其禁用,如下所示:
@EnableWebMvc
@Configuration
public class CustomWebConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("*")
.allowedOrigins("*");
}
}
并且在WebSecurityConfiguredAdapter中覆盖这样的安全性cors配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
...
}
您在网络安全中需要此: