如何在Spring Framework 4.2 / Boot 1.3中基于Origin HTTP请求头设置动态的Access-Control-Allow-Origin? [英] How to set dynamic Access-Control-Allow-Origin based on Origin HTTP request header in Spring Framework 4.2/Boot 1.3?
问题描述
Spring 4.2支持CORS,但是允许的原点必须手动设置。与认证结合使用时会出现问题,因为 Access-Control-Allow-Origin:*
不支持认证。
如何自动设置?对Ionic / Cordova客户非常有用。
如果客户端发送 Origin:assets-library:// whatever /
,那么服务器将发送 Access-Control-Allow-Origin:assets-library://无论/
功能请求: https://jira.spring.io/browse/SPR-13511
默认的Spring Boot,当使用 @CrossOrigin
或 addCorsMappings()
。 p>
不是的默认值是使用Sébastien的技术这里(我已经更新了答案)。必须小心:
config.setAllowCredentials(true); 默认为 CorsConfiguration ,因此
是
null
,被视为 false
。
Spring 4.2 has CORS support, however allowed Origin(s) must be set manually. Which is problematic when combined with authentication, because authentication not supported with Access-Control-Allow-Origin: *
.
How to set this automatically? Very useful for Ionic/Cordova clients.
i.e. if client sends Origin: assets-library://whatever/
then server will send Access-Control-Allow-Origin: assets-library://whatever/
Feature request: https://jira.spring.io/browse/SPR-13511
By "default" of Spring Boot, Spring 4.2 does support my described scenario when using @CrossOrigin
or addCorsMappings()
.
What's not default, is by using Sébastien's technique described here (I've since updated the answer). Care must be taken to:
config.setAllowCredentials(true);
because the real default of CorsConfiguration
is it's null
which is treated as false
.
这篇关于如何在Spring Framework 4.2 / Boot 1.3中基于Origin HTTP请求头设置动态的Access-Control-Allow-Origin?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!