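I am using Angular-8 / Spring / AWS for one of my projects.
When making HTTP calls from the client, I previously only needed to send the Authorization header, and that worked fine with the server.
Recently, my server started expecting me to send a few custom headers (e.g. x-request-time, x-correlation-id, etc.). I tried setting these headers on the request in an interceptor, as shown below: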
    const headers = this.getRequestHeaders();
    // cloning the request for updating the headers and url
    const authReq = req.clone({ headers, url: fullReqUrl });
    return next.handle(authReq).pipe(
        map(res => res),
        catchError(err => this.handlerError(err))
    );
and

    getRequestHeaders() {
        return new HttpHeaders({
            'Authorization': this.awsService.getAccessToken(),
            // evaluate the expression; quoting it would send the literal text
            'x-request-time': new Date().toISOString()
            // I am setting few more headers, skipping them here for simplicity
        });
    }
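However, after doing this, I keep getting

    Request header field x-request-time is not allowed by Access-Control-Allow-Header in preflight response.

I have tried researching this error and read several posts. I think it is explained in detail here. So I need to update the server with settings that allow the OPTIONS method and the custom headers.
I checked and found that my server already does this. This is what the server's CORS filter looks like: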
    @Component
    @Order(1)
    public class CORSFilter implements Filter {
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletResponse response = (HttpServletResponse) res;
            HttpServletRequest request = (HttpServletRequest) req;
            response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Headers", "*");
            chain.doFilter(req, res);
        }

        @Override
        public void init(FilterConfig filterConfig) {}

        @Override
        public void destroy() {}
    }
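So the server allows all methods and all headers (*). I still keep getting the error.
What is the correct way to fix this? Am I missing something on the client or the server? Please help.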
The line chain.doFilter(req, response); should return response, not res.
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Headers", "*");
        chain.doFilter(req, response);
    }