所请求的资源上不存在“ Access-Control-Allow-Origin”标头(春季) [英] No 'Access-Control-Allow-Origin' header is present on the requested resource (Spring)
问题描述
我知道论坛上有很多关于此问题的话题,但是仍然没有找到解决方案。
I know there are a lot threads on the forum about this issue but still haven't figure out a solution.
因此,我在一个我的vps上的私有JVM / tomcat 8.5.30。一个是我的ROOT.war,另一个是admin.war,它们可以从 http://example.com 和 http://example.com/admin
So, I have deployed two applications in a private JVM/tomcat 8.5.30 on my vps. The one is my ROOT.war and the other one is the admin.war They were accesible from http://example.com and http://example.com/admin
在我安装ssl证书之前,一切正常。安装它并强制https重定向后,我的admin.war遇到了问题(现在它们都可以从 https:// example访问。 com 和 https://example.com/admin )
Before I installed a ssl certificate everything worked fine. After installing it and forcing https redirect I am facing a problem with my admin.war (now they are both accesible from https://example.com and https://example.com/admin)
我的管理员使用很多jquery(我无法更改它),每次尝试提交某些内容时都会收到此错误
My admin works with a lot of jquery (I cannot change that) and I am getting this error every time I am trying to submit something
Access to XMLHttpRequest at 'http: //example.com/admin/add' from origin 'https: //example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
因此,我正在尝试通过Spring Security解决此问题。在我的安全配置中,我有
So I am trying to fix this via spring security. In my security configuration I have
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SiteSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors().and()
//.....
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("https://example.com"));
configuration.setAllowedHeaders(Arrays.asList("Access-Control-Allow-Headers"));
configuration.addExposedHeader("Access-Control-Allow-Headers");
configuration.setAllowedMethods(Arrays.asList("POST"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
我同时为我的root应用程序和管理员执行此操作应用程序(我不知道对他们两个来说是否正确)。仍然无效。
I do this for both my root app and my admin app ( I don't know if that's correct to do it for both of them). Still doesn't work.
有什么帮助吗?
谢谢!
推荐答案
如果看到错误
'http://example.com/admin/add' from origin 'https://example.com' has been blocked
有2个问题
1我想您的 / add
API调用未重定向到https。理想情况下,它应该是 https://example.com/admin/add
或您解决此问题
1 I guess your /add
API call is not getting redirected to https. Ideally it should be https://example.com/admin/add
Either you resolve this
或
2将Admin App中的 setAllowedOrigins
更改为http
2 Change setAllowedOrigins
in your Admin App to http as well like this
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("https://example.com", "http://example.com"));
configuration.setAllowedHeaders(Arrays.asList("Access-Control-Allow-Headers"));
configuration.addExposedHeader("Access-Control-Allow-Headers");
configuration.setAllowedMethods(Arrays.asList("POST"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
这篇关于所请求的资源上不存在“ Access-Control-Allow-Origin”标头(春季)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!