我遇到问题,我的代码遇到CORS错误。如果我使用--disable-web-security从chrome实例运行代码,则代码可以正常工作。我在Spring ApplicationConfig中有以下代码:
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*").allowedMethods("*").allowedHeaders("*");
}
};
}
当我的前端提交其OPTIONS请求成功且状态为200且响应具有以下标头时:
Request URL: http://127.0.0.1:9000/oe/Auth/login
Request Method: OPTIONS
Status Code: 200 OK
Remote Address: 127.0.0.1:9000
Referrer Policy: no-referrer-when-downgrade
Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, X-Requested-With
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT, PATCH
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3600
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 14 Sep 2018 01:27:15 GMT
Expires: 0
Pragma: no-cache
Server: Apache-Coyote/1.1
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
当它提交POST登录时,我得到以下控制台错误:
Failed to load http://127.0.0.1:9000/oe/Auth/login:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:3000' is therefore not allowed access.
这是网络选项卡
Request URL: http://127.0.0.1:9000/oe/Auth/login
Request Method: POST
Status Code: 200 OK
Remote Address: 127.0.0.1:9000
Referrer Policy: no-referrer-when-downgrade
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Date: Mon, 17 Sep 2018 20:19:48 GMT
Expires: 0
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: SESSION=ZjlhYTE5NmMtNDk3NC00Yzc4LTk1MDYtN2FjNzBhMjFhMGI0; Path=/oe/; HttpOnly
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
这是因为春天安全在我的CorsRegistration发生事情之前就抓住了这个请求吗?
一位朋友向我推荐了以下帖子中进一步嵌套的答案。你必须为弹簧安全做额外的工作:qazxsw poi