REST API-CORS问题 [英] REST API - CORS Problems
问题描述
CORS对我来说是个问题.
CORS is being a problem for me..
我在 http://localhost:8080 上使用SPRING制作了REST API,并且我以前经常将此API与 http://localhost 上的纯JS网站,但是在应用OAuth2之后,以下错误开始困扰我.
I made a REST API with SPRING on http://localhost:8080 and I used to use this API with a plain JS site on http://localhost, but after apply OAuth2 the following error started to bother me.
从原始位置通过 http://localhost:8080/oauth/token 访问XMLHttpRequest " http://localhost "已被CORS策略阻止:对预检请求的响应未通过访问控制检查:没有HTTP正常状态
Access to XMLHttpRequest at 'http://localhost:8080/oauth/token' from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status
在OAuth(使用AJAX和POSTMAN)之前,我可以访问API而没有CORS问题,并且在应用OAuth之后,我可以仅在POSTMAN上使用API,但是我不能对AJAX进行相同操作.
I could access the API without CORS problems before OAuth (with AJAX and POSTMAN), and after apply OAuth I could use the API just on POSTMAN, but I couldn't do the same with AJAX.
我的AJAX代码:
function pronta(){
var username = "postmain"; // yes, I wrote wrong
var password = "1234";
function make_base_auth(user, password) {
var tok = user + ':' + password;
var hash = btoa(tok);
return "Basic " + hash;
}
$.ajax
({
type: "POST",
url: "http://localhost:8080/oauth/token",
dataType: 'json',
data: {
'grant-type': 'password',
'username': 'Tiago',
'password': '123'
},
header:{'Authorization': make_base_auth(username, password)}, // I've tried on both manners. with header and with beforeSend
beforeSend: function (xhr){
xhr.setRequestHeader('Authorization', make_base_auth(username, password));
},
success: function (){
alert('done');
}
});
}
我的CORS过滤器(基于SPRING REST API)
@Component
public class SimpleCORSFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
chain.doFilter(req, res);
}
@Override
public void init(FilterConfig filterConfig) {}
@Override
public void destroy() {}
}
该过滤器在OAuth之前运行良好
The filter was working well before OAuth
一些想法正在发生什么?
Some ideas what's happening?
Tks
推荐答案
我明白了. 问题是每次我尝试发出请求时,都会先发出预检请求(就像REST体系结构设计那样).
I got it.. The problem was everytime I was trying to make a request, a preflight request was subimited before (like REST architecture is designed to do).
考虑到这一点,我只是准备允许服务器使用OPTIONS方法.
Taking this into account I just prepare the server to permit OPTIONS methods.
喜欢这个..
@Order(-1)
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll();
}
在类开始之前,请不要忘记@Configuration
批注.
Do not forget @Configuration
annotation before class starting.
再见
这篇关于REST API-CORS问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!