在 Spring Boot 应用程序中禁用 HTTP OPTIONS 方法 [英] Disable HTTP OPTIONS method in spring boot application

问题描述

我在 spring boot 应用程序上开发了 rest API.API 仅接受 GET 和 POST ，但在使用 OPTIONS 方法请求时，API 会响应 200 状态(而不是 405).我在 google 上搜索了这个问题，但没有一个解决方案是基于 springboot 的.

I had developed rest API on spring boot application. The APIs accept only GET , and POST , but on requesting using OPTIONS method , API responding 200 status (instead of 405). I googled this issue , but none of the solution was springboot based .

回复:

Allow: OPTIONS, TRACE, GET, HEAD, POST
Public: OPTIONS, TRACE, GET, HEAD, POST

需要禁用 OPTIONS 方法.

Need to disable OPTIONS method.

推荐答案

以前的答案 仅适用于 tomcat，因此添加我的也是.例如，您可以通过使用标准 servlet 过滤器来禁用方法跨容器:

Previous answer is for tomcat only, so adding mine as well. You can disable the method cross-container by, for example, using a standard servlet filter:

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 

import org.springframework.stereotype.Component;     
import org.springframework.web.filter.OncePerRequestFilter; 

@Component
public class MethodFilter extends OncePerRequestFilter { 

    @Override 
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) 
                    throws ServletException, IOException { 
        if (request.getMethod().equals("OPTIONS")) {
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
        } else { 
            filterChain.doFilter(request, response); 
        } 
    }
} 

注意:假设这个类是由 Spring 组件扫描的.如果没有，您可以使用其他注册方法，详见此处.

Note: it is assumed that this class is componentscanned by Spring. If not, you can use other registration methods as detailed in here.

这篇关于在 Spring Boot 应用程序中禁用 HTTP OPTIONS 方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！