来源“http://localhost:4200”已被 CORS 策略阻止:对预检请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”标头。
我在 vs 上使用 anglular 16,在 intelliJ 上使用 java 我的代码与 posman 配合得很好,但我不断收到相同的错误
我尝试在后端添加 cors 配置和过滤器
package project.CORS;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import javax.servlet.Filter;
public class CorsConfig {
@Bean
public FilterRegistrationBean<Filter> corsFilter() {
FilterRegistrationBean<Filter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(new CorsFilter());
registrationBean.addUrlPatterns("/*");
registrationBean.setOrder(1); // set precedence
return registrationBean;
}
}
package project.CORS;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class CorsFilter implements Filter{
private final Logger log = LoggerFactory.getLogger(CorsFilter.class);
public CorsFilter() {
log.info("SimpleCORSFilter init");
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");
chain.doFilter(req, res);
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
默认 CORS 过滤器发生早于自定义请求/响应过滤器,所以我非常确定,该请求甚至不会进入您的类。
您必须配置SecurityFilterChain bean。您可以研究互联网和文档来了解应该如何配置它。 文档
但这里有一个小例子,说明如何在宠物项目中使用它。
@Bean
public SecurityFilterChain filterChain(HttpSecurity http, AuthenticationProcessFilter authenticationEntryPoint)
throws Exception {
http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.addFilterBefore(authenticationEntryPoint, UsernamePasswordAuthenticationFilter.class)
.cors()
.configurationSource(corsConfigurationSource())
.and()
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/swagger-ui/**", "/api/login", "/api/v1/users/register", "/api/login/**", "/api/admin/login", "/api/public/**")
.permitAll()
.antMatchers("/api/**")
.permitAll()
.and()
.exceptionHandling()
.accessDeniedHandler((request, response, ex) -> response.setStatus(HttpServletResponse.SC_FORBIDDEN))
.authenticationEntryPoint(
(request, response, authException) -> response.setStatus(HttpServletResponse.SC_UNAUTHORIZED));
return http.build();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(allowedOrigins);
configuration.setAllowedMethods(allowedMethods);
configuration.setAllowedHeaders(allowedHeaders);
configuration.setAllowCredentials(true);
configuration.setMaxAge(3600L);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/api/**", configuration);
return source;
}