我一直在尝试让 CORS 能够通过 Angular 应用程序使用我的 Spring Boot API,但它不起作用。 代码如下:
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.cors(Customizer.withDefaults())
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/auth/**",
"/swagger-ui/index.html",
"/swagger-ui/**",
"/v3/api-docs/**")
.permitAll()
.anyRequest()
.authenticated())
.authenticationProvider(authenticationProvider)
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
// new session for each request
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.logout(lOut -> {
lOut.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/api/auth/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll()
.addLogoutHandler(logoutHandler)
.logoutSuccessHandler(((request, response, authentication) -> SecurityContextHolder.clearContext()));
});
return http.build();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOrigins(Arrays.asList(
"http://localhost:4200"
));
config.setAllowedHeaders(Arrays.asList(
ORIGIN,
CONTENT_TYPE,
ACCEPT,
AUTHORIZATION
));
config.setAllowedMethods(Arrays.asList(
"GET",
"POST",
"DELETE",
"PUT",
"PATCH",
"OPTIONS"
));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
return source;
}
出于某种原因,如果我尝试从 Postman 调用 API 端点,并使用 http://localhost:4200 添加 Origin 标头,它就会起作用。但是,如果我尝试向 URL 添加某些内容(例如,http://localhost:4200/login),即使
source.registerCorsConfiguration
配置为“/**”,它也不起作用。
在浏览器上,它根本不起作用,并且我不断收到以下错误:“对预检请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”标头”
我尝试过:
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
您可以尝试一下,看看是否有效。
@Bean
CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOriginPattern("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
因为我在AllowedOriginPattern中添加了*,你可以相应地更改它。