Spring CORS控制器注释不工作 [英] Spring CORS controller annotation not working

问题描述

我想允许一个域的跨源请求。我的项目使用Spring，所以我想利用新的CORS支持。

I want to allow cross origin requests for one domain. My project uses Spring so I want to take advantage of the new CORS support.

我使用版本 4.2.0 for all springframework dependencies。

I am using version 4.2.0 for all springframework dependencies.

我按照这里的例子 https://spring.io/blog/2015/06/08/cors-support-in-spring-framework#disqus_thread 并尝试了第一个版本。我的控制器注释如下所示：

I followed the example here https://spring.io/blog/2015/06/08/cors-support-in-spring-framework#disqus_thread and tried the first version. My controller annotations looks like:

@CrossOrigin(origins = "http://fiddle.jshell.net/", maxAge = 3600)
@Controller
@RequestMapping("/rest")
public class MyController 

b $ b

如果我理解正确，mvc-config是一个替代方法。我也尝试过：

If I understood correctly the mvc-config is an alternative method. I tried it as well:

<mvc:cors>  
    <mvc:mapping path="/**"
        allowed-origins="http://fiddle.jshell.net/, http://domain2.com"
        allowed-methods="GET, PUT"
        allowed-headers="header1, header2, header3"
        exposed-headers="header1, header2" allow-credentials="false"
        max-age="123" />    
</mvc:cors>

无论使用哪种方法，Response都不包含 Access -Control-Allow-Origin ，我也无法通过jsfiddle的简单查询得到结果。

With either methods, the Response doesn't seem to contain anything like Access-Control-Allow-Origin, neither can I get a result back through a simple query from jsfiddle.

Chrome开发人员工具，当从localhost运行和访问时如下。在这种情况下，请求来自相同的域，而不是通过javascript，但我认为CORS注释将添加访问控制参数吗？

The header info from Chrome developer tools, when ran and accessed from localhost is below. In this case the request is from the same domain and not through javascript, but I thought the CORS annotation would add the access control parameters anyway?

响应标题：

Content-Length:174869 
Content-Type:text/html;charset=UTF-8 
Date:Fri, 21 Aug 2015 12:21:09 GMT 
Server:Apache-Coyote/1.1

请求标题：

      Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*\/*;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,ro;q=0.6,de;q=0.4,fr;q=0.2
Cache-Control:no-cache 
Connection:keep-alive
Cookie:JSESSIONID=831EBC138D2B7E176DF4945ADA05CAC1;_ga=GA1.1.1046500342.1404228238; undefined=0 
Host:localhost:8080 
Pragma:no-cache 
Upgrade-Insecure-Requests:1 
User-Agent:Mozilla/5.0(Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36

不使用弹簧启动，我认为我错过了一个配置步骤。

I do not use spring boot and I presume I missed a configuration step.

推荐答案

当我在@Configuration注释类中没有@EnableWebMvc注释时，会出现问题。
我已经报告这个问题，作为Sping Jira中的一个错误，后面有详细信息： https： //jira.spring.io/browse/SPR-13857

I've reproduced this problem for myself. The problem happens when I don't have @EnableWebMvc annotation in my @Configuration annotated class. I've reported this problem as a bug in Sping Jira with details behind it: https://jira.spring.io/browse/SPR-13857

我在代码或文档中看到修复。文档修复将在@CrossOrigin类javadoc中声明@EnableWebMvc是必需的，但我更喜欢在代码中的修复，使得cors注释工作没有@EnableWebMvc。

I see the fix either in code or in documentation. Documentation fix would be to state in @CrossOrigin class javadoc that @EnableWebMvc is required, but I'd prefer the fix in code so that cors annotation works without @EnableWebMvc.

这篇关于Spring CORS控制器注释不工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！