OPTIONS 请求使用 CORS 进行宁静的跨域 [英] OPTIONS request for restful cross-domain using CORS
问题描述
在客户端,我使用带有 json 的 Ajax.post (jquery 1.5).在服务器端,我使用的是 rest resteasy-jaxrs-2.0.1.GA.我发现我应该在服务器响应中添加几个标头,我已经完成了以下过滤器:
On client side I'm using Ajax.post (jquery 1.5) with json. On server side I'm using rest resteasy-jaxrs-2.0.1.GA. I found somewhere that i should add couple of headers to server response and I've done with following filter:
public void doFilter( ServletRequest req,
ServletResponse res,
FilterChain filterChain)
throws IOException, ServletException {
MyServletRequestWrapper httpReq = new MyServletRequestWrapper((HttpServletRequest)req);
HttpServletResponse httpRes = (HttpServletResponse)res;
HttpSession session = httpReq.getSession();
httpRes.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, "*");
httpRes.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
if (((HttpServletRequest) req).getMethod().equals("OPTIONS")){
httpRes.addHeader(ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, OPTIONS, PUT, DELETE");
httpRes.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, "content-type, x-requested-with, x-requested-by");
}
filterChain.doFilter(httpReq, httpRes);
}
它工作正常,因为添加了标头上方的每个 GET 响应.当我想使用 POST 请求时出现问题.当我使用 Ajax.post 时,首先服务器收到 OPTIONS 请求并且出现以下错误:
It works fine cause to every single GET response above headers are added. Problem appears when I want to use POST request. When I use Ajax.post, at first server gets OPTIONS request and I've got following error:
<代码>执行选项 [REST_PATH] 失败org.jboss.resteasy.spi.DefaultOptionsMethodException: 没有找到选项的资源方法,返回 OK 并带有 Allow header
为了解决上述错误,我尝试使用与 POST ([REST_PATH]) 相同的路径但使用 @OPTION 注释添加方法调用.在那种情况下,javac 告诉我找不到符号 :class OPTIONS,即使附加的 jaxrs 库中有一个 OPTION.class.
To solve above error I was trying to add method invoke with the same path as POST ([REST_PATH]) but with @OPTION annotation. In that case javac told me that symbol :class OPTIONS could not be found, even there is a OPTION.class in attached jaxrs library.
有什么解决办法吗?如有任何线索,我将不胜感激.
Any ideas to fix it? I would be very grateful for any clues.
推荐答案
当我尝试使用 Angular 2 客户端调用我的服务时,RestEasy 正在响应带有 HTTP 状态 500 和以下错误的预检请求.
When I was trying to call my service with an Angular 2 client RestEasy was responding to the preflight requests with the HTTP status 500 and the following error.
RESTEASY003655:找不到选项的资源方法,返回 OK允许标题
RESTEASY003655: No resource method found for options, return OK with Allow header
我试过RestEasy 的 CorsFilter 但我想提出一个简单的替代方案.如果您不想编写处理每个端点的 OPTIONS 调用的代码怎么办?
I tried RestEasy's CorsFilter but I'd like to propose a simple alternative. What if you don't want to write code handling the OPTIONS call for each of your endpoints ?
我实现了一个简单的过滤器:
I implemented a simple filter that:
- 将您需要的 CORS 标头应用于响应.
- 在使用 OPTIONS 方法调用端点时返回 HTTP 状态代码 200.您告诉客户端其 CORS 预检请求已被接受.
这是代码.如果您只想在查询真实"端点时发回 200,请随意优化过滤器.
Here is the code. Feel free to refine the filter if you only want to send back a 200 when querying a "real" endpoint.
@Provider
public class CorsFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
MultivaluedMap<String, Object> headers = responseContext.getHeaders();
headers.add("Access-Control-Allow-Origin", "*"); // If you want to be more restrictive it could be localhost:4200
headers.add("Access-Control-Allow-Methods", "GET, PUT, POST, OPTIONS"); // You can add HEAD, DELETE, TRACE, PATCH
headers.add("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept, Accept-Language"); // You can add many more
if (requestContext.getMethod().equals("OPTIONS"))
responseContext.setStatus(200);
}}
确保也了解 CORS.
这篇关于OPTIONS 请求使用 CORS 进行宁静的跨域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!