如何为 CORS 指定响应标头? [英] How to specify response headers to CORS?
问题描述
我正在 spring 构建后端 REST API,我的朋友正在构建一个 Angular JS 前端应用程序来调用我的 API.我有一个带有密钥 Authorization 的令牌标头和一个允许访问的值否则它会拒绝该服务.从 Postman 和 REST 客户端,我能够接收 API,但在测试时,他说他在预检时收到 401 未经授权的错误.下面是我的 doFilterInternal 方法.
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {response.setHeader("Access-Control-Allow-Origin", "*");response.setHeader("Access-Control-Allow-Credentials", "true");response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");response.setHeader("Access-Control-Max-Age", "3600");response.setHeader("Access-Control-Allow-Headers","Content-Type, Accept, X-Requested-With, Authorization");}但是当他在 Angular JS 中使用令牌调用 API 时,他得到
所以我按照这个答案这里 并且我添加了属性
spring.mvc.dispatch-options-request=true
在 application.properties.But 中,他的错误似乎就像
预检响应包含无效的 https 状态代码 401
感谢任何帮助.
这是避免预检错误的过滤器
@Overrideprotected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) 抛出 ServletException, IOException {LOG.info("添加 CORS 头......................");res.setHeader("Access-Control-Allow-Origin", "*");res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");res.setHeader("Access-Control-Max-Age", "3600");res.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization");res.addHeader("Access-Control-Expose-Headers", "xsrf-token");if ("OPTIONS".equals(req.getMethod())) {res.setStatus(HttpServletResponse.SC_OK);} 别的 {chain.doFilter(req, res);}}从帖子 跨源请求阻塞 Spring MVC Restful Angularjs
I am building a backend REST API in spring and my friend is building a Angular JS front end app to call my API.I have a token header with key Authorization and a value which gives access to the service otherwise it refuses.From Postman and REST client I am able to receive the API but when tested he says he gets 401 Unauthorized Error on preflight.Below is my doFilterInternal method.
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers","Content-Type, Accept, X-Requested-With, Authorization");
}
But when he calls the API with the token in Angular JS he gets
So I followed this answer here and I added the property
spring.mvc.dispatch-options-request=true
in the application.properties.But stillt he error seems to be like
Response for preflight has invalid https status code 401
Any help is appreciated.
Here is the filter which avoid the preflight error
@Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws ServletException, IOException {
LOG.info("Adding CORS Headers ........................");
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
res.setHeader("Access-Control-Max-Age", "3600");
res.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization");
res.addHeader("Access-Control-Expose-Headers", "xsrf-token");
if ("OPTIONS".equals(req.getMethod())) {
res.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
Found it from the post Cross Origin Request Blocked Spring MVC Restful Angularjs
这篇关于如何为 CORS 指定响应标头?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
