我的前端(Angular 框架)在 localhost 上工作正常,但是当我从 S3 启动它时,API 全部被 CORS 策略错误阻止。
这是一个错误示例:
Access to XMLHttpRequest at 'http://localhost:8080/v1/sendPasswordRecoveryEmail' from origin 'http://3db-frontend.s3-website.eu-central-1.amazonaws.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.
现在,我在 Amazon S3 上启动了前端,并连接到我的本地主机 Spring 服务器(为了简单起见)。
这是我在 S3 上写的 CORS 政策:
[
{
"AllowedHeaders": [
"x-amz-*",
"*"
],
"AllowedMethods": [
"GET",
"HEAD",
"PUT",
"POST",
"DELETE"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [],
"MaxAgeSeconds": 3000
}
]
我希望从我的 Angular 环境发起的所有请求都得到 AWS S3 的授权。
由于问题不是AWS S3而是我的服务器,所以我写下我如何配置CORS权限:
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("http://3db-frontend.s3-website.eu-central-1.amazonaws.com","https://cangy98.github.io","http://3db-frontend.s3-website.eu-central-1.amazonaws.com","http://localhost:4200", "http://localhost:8080") // Sostituisci con l'origine del frontend
.allowedMethods("GET", "POST", "PUT", "DELETE","PATCH")
.allowedHeaders("*")
.allowCredentials(true);
}
};
}
这是我的安全过滤器链:
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
//ABILITAZIONE CORS-policy DA PROCESSARE NECESSARIAMENTE PRIMA DI SPRING-SECURITY
http
.cors(withDefaults())
.csrf(AbstractHttpConfigurer::disable)
.cors(withDefaults())
.authorizeHttpRequests(request -> request
.requestMatchers("/api/v1/auth/signin").permitAll()
.requestMatchers("/api/v1/auth/signup").permitAll()
.requestMatchers("/swagger-ui/**").permitAll()
.requestMatchers("/v3/api-docs").permitAll()
/*.requestMatchers("https://checkout.stripe.com/c/pay/**").permitAll()
.requestMatchers("/v1/create-checkout-session").permitAll()*/
.requestMatchers(HttpMethod.GET,"/v1/collection/**").permitAll()
.requestMatchers(HttpMethod.GET,"/v1/product/**").permitAll()
.requestMatchers(HttpMethod.GET,"/v1/jwt/**").permitAll()
.requestMatchers(HttpMethod.PUT,"/v1/autorizzazioni").permitAll()
.requestMatchers(HttpMethod.GET,"/v1/getWelcome").permitAll()
.requestMatchers(HttpMethod.PATCH,"/v1/verificationEmail/**").permitAll()
.requestMatchers(HttpMethod.GET,"/v1/verificationEmail/**").permitAll()
.requestMatchers(HttpMethod.POST,"/v1/sendPasswordRecoveryEmail/**").permitAll()
.requestMatchers(HttpMethod.PATCH,"/api/v1/auth/changePassword").permitAll()
.anyRequest().authenticated())
.sessionManagement(manager -> manager.sessionCreationPolicy(STATELESS))
.authenticationProvider(authenticationProvider()).addFilterBefore(
jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}