如何在Spring Framework 4.2 / Boot 1.3中基于Origin HTTP请求头设置动态的Access-Control-Allow-Origin？ [英] How to set dynamic Access-Control-Allow-Origin based on Origin HTTP request header in Spring Framework 4.2/Boot 1.3?

问题描述

Spring 4.2支持CORS，但是允许的原点必须手动设置。与认证结合使用时会出现问题，因为 Access-Control-Allow-Origin：* 不支持认证。

如何自动设置？对Ionic / Cordova客户非常有用。

如果客户端发送 Origin：assets-library：// whatever / ，那么服务器将发送 Access-Control-Allow-Origin：assets-library：//无论/

功能请求： https://jira.spring.io/browse/SPR-13511

解决方案

默认的Spring Boot，当使用 @CrossOrigin 或 addCorsMappings（）。 p>

不是的默认值是使用Sébastien的技术这里（我已经更新了答案）。必须小心：

  config.setAllowCredentials（true）;  默认为 CorsConfiguration ，因此
  



是 null ，被视为 false 。

Spring 4.2 has CORS support, however allowed Origin(s) must be set manually. Which is problematic when combined with authentication, because authentication not supported with Access-Control-Allow-Origin: *.

How to set this automatically? Very useful for Ionic/Cordova clients.

i.e. if client sends Origin: assets-library://whatever/ then server will send Access-Control-Allow-Origin: assets-library://whatever/

Feature request: https://jira.spring.io/browse/SPR-13511

解决方案

By "default" of Spring Boot, Spring 4.2 does support my described scenario when using @CrossOrigin or addCorsMappings().

What's not default, is by using Sébastien's technique described here (I've since updated the answer). Care must be taken to:

config.setAllowCredentials(true);

because the real default of CorsConfiguration is it's null which is treated as false.

这篇关于如何在Spring Framework 4.2 / Boot 1.3中基于Origin HTTP请求头设置动态的Access-Control-Allow-Origin？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！