我正在使用
org.springframework.boot:spring-boot-starter-web:2.5.5
和 spring-security
部署为 openshift 中的后端 Spring Boot 应用程序作为容器。还有一个托管在另一个容器上的 Angular 11.0.1 前端应用程序。在从前端应用程序到后端的测试过程中,我收到 CORS 错误。以下是浏览器控制台中的错误消息
Access to XMLHttpRequest at 'https://backend.apps.ocpa.company.com/app/user/config' from origin 'https://frontend.apps.ocpa.company.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
我在 MvcConfig 类中启用了 cors 配置,如下所示
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class MvcConfig implements WebMvcConfigurer {
@Value("${cors.allowed-origins:*}")
String allowedOrigins;
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins(allowedOrigins)
.allowCredentials(true);
}
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/home").setViewName("home");
registry.addViewController("/").setViewName("home");
registry.addViewController("/hello").setViewName("hello");
registry.addViewController("/login").setViewName("login");
}
}
我仍然收到此错误
我通过在“public class WebSecurityConfig extends WebSecurityConfigurerAdapter”中添加以下代码片段来解决它
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()......
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
System.out.println("corsConfig Source - allowedOrigins " + allowedOrigins);
configuration.setAllowedOrigins(Arrays.asList(allowedOrigins));
ArrayList<String> headersList = new ArrayList<String>();
headersList.add("Authorization");
headersList.add("Cache-Control");
headersList.add("Access-Control-Allow-Credentials");
configuration.setAllowedHeaders(headersList);
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}