GWT-No'Access-Control-Allow-Origin'头部存在于所请求的资源上 [英] GWT-No 'Access-Control-Allow-Origin' header is present on the requested resource
问题描述
我们正在尝试在tomcat上实现CORS过滤器,以允许跨域请求。我们有两个GWT项目,在两个不同的tomcat(不同的机器)。阅读CORS过滤器文档 CORS 后,我刚添加了CORS过滤器在tomcat的web.xml文件中。
We are trying to Implement CORS filter on tomcat to allow cross domain request. We have two GWT projects both on two different tomcat (different machines). After reading the CORS filter DocumentCORS , I just added the CORS filter in the web.xml file of the tomcat.
`<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>`
但它不工作。我有另一个堆栈问题与它相关,但有点混乱如何实现GWT过滤器。
But its not working. I got another stack question related to it but a little bit confusion how to implement filters in GWT ?
推荐答案
扩展是什么是实际过程实施CORS过滤器?过滤并在服务器端添加类,如下所示:
注意:这只是一个简单的例子,让你去。告诉自己关于安全风险,如果你不配置它正确的方法...
检查本文
Extend Filter and add the class on your server side like in this:
NOTE: this is just a simple example to get you going. inform yourself about the security risks if you dont configure it the right way...
check the last part of this article
public class CORSFilter implements Filter {
// For security reasons set this regex to an appropriate value
// example: ".*example\\.com"
private static final String ALLOWED_DOMAINS_REGEXP = ".*";
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) servletRequest;
HttpServletResponse resp = (HttpServletResponse) servletResponse;
String origin = req.getHeader("Origin");
if (origin != null && origin.matches(ALLOWED_DOMAINS_REGEXP)) {
resp.addHeader("Access-Control-Allow-Origin", origin);
if ("options".equalsIgnoreCase(req.getMethod())) {
resp.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS");
if (origin != null) {
String headers = req.getHeader("Access-Control-Request-Headers");
String method = req.getHeader("Access-Control-Request-Method");
resp.addHeader("Access-Control-Allow-Methods", method);
resp.addHeader("Access-Control-Allow-Headers", headers);
// optional, only needed if you want to allow cookies.
resp.addHeader("Access-Control-Allow-Credentials", "true");
resp.setContentType("text/x-gwt-rpc");
}
resp.getWriter().flush();
return;
}
}
// Fix ios6 caching post requests
if ("post".equalsIgnoreCase(req.getMethod())) {
resp.addHeader("Cache-Control", "no-cache");
}
if (filterChain != null) {
filterChain.doFilter(req, resp);
}
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}
不要忘记在web.xml(在WAR文件中,而不是tomcat web.xml文件中)添加 Filter 。
Dont forget to add the Filter in your web.xml(inside your WAR file, not the tomcat web.xml) file.
<filter>
<filter-name>corsFilter</filter-name>
<filter-class><YourProjectPath>.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>corsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这篇关于GWT-No'Access-Control-Allow-Origin'头部存在于所请求的资源上的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
