Spring Boot安全性在请求的资源上没有'Access-Control-Allow-Origin'标头 [英] Spring Boot Security No 'Access-Control-Allow-Origin' header is present on the requested resource Error

问题描述

我正在使用Spring Security构建一个Spring Boot应用程序.我有一个删除功能，该功能通过使用JavaScript的Fetch API通过AJAX请求完成.该功能可在Chrome和Firefox中正常运行，但是会在Opera中引起问题.正如我提到的，控制台中显示在请求的资源上没有'Access-Control-Allow-Origin'标头"错误.

I'm building a Spring Boot application with Spring Security. I have a delete functionality which is done through AJAX request using JavaScript's Fetch API. The functionality works correctly in Chrome and Firefox, however it causes problem in Opera. As I mentioned, 'No 'Access-Control-Allow-Origin' header is present on the requested resource' error is shown in the console.

我搜索了它，这是由于CORS的缘故，浏览器通常不允许将AJAX请求发送到不同的来源，但是删除请求在同一域中，并且如果它在Chrome/Firefox中也能正常工作，我想知道为什么会这样吗? t在Opera中.

I searched for it, it was because of CORS, browsers normally doesn't allow AJAX requests to different origins, however delete request is in the same domain and if it does work in Chrome/Firefox, I wonder why it doesn't in Opera.

现在，我不共享任何与应用程序相关的代码，只是因为如果核心存在问题，它将无法在其他浏览器中工作，对吗?但是，如果应该共享任何代码，请说出来，我将与您分享.但是现在，我什至不知道出了什么问题.预先感谢.

Now, I'm not sharing any code related to application, just because if there was a problem in core, it wouldn't work in other browsers, would it? But in case any code should be shared, please say it, so I'll share. But right now, I don't even know what is wrong. Thanks beforehand.

推荐答案

您可以通过实现Filter来允许所有标头.

You can allow your all header by implementing Filter.

尝试一下:

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CORSFilter implements Filter {


    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "*");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "*");
        //response.setHeader("Access-Control-Expose-Headers","yourCustomHeaderIfExist");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, res);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }

}

并在控制器之前添加@CrossOrigin批注.

And add @CrossOrigin annotation before your controller.

您也可以尝试添加此bean:

You can also try with add this bean:

 @Bean
        public WebMvcConfigurer corsConfigurer() {
            return new WebMvcConfigurerAdapter() {
                @Override
                public void addCorsMappings(CorsRegistry registry) {
                    registry.addMapping("/**").allowedOrigins("*").allowedMethods("GET", "POST","PUT", "DELETE");


                }
            };
        }

这篇关于Spring Boot安全性在请求的资源上没有'Access-Control-Allow-Origin'标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！