进行POST请求时的Springboot端点403 OPTIONS [英] Springboot endpoint 403 OPTIONS when doing a POST request

问题描述

我正在使用Spring运行服务，当我的Angular前端尝试发出POST请求时，它的403与Request Method:OPTIONS一起获得.

I'm running a service using Spring and my Angular front-end is getting a 403 with Request Method: OPTIONS when it tries to make a POST request.

Spring服务和Angular应用都在我的计算机上本地运行.我尝试使用Chrome插件切换CORS，但这似乎无法解决问题.

Both the Spring service and the Angular app are running locally on my machine. I tried toggling CORS with a Chrome plugin, but that didn't seem to fix the issue.

我对服务的所有GET请求似乎都可以正常工作.我可以在Postman中执行POST请求，所以我不确定为什么有角度的应用程序不能发出请求，而Postman可以.

All my GET requests to the service seem to work alright. I can do the POST request in Postman, so I'm not sure why the angular app can't make the request, but Postman can.

****编辑****

****EDIT****

响应标题

Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
Content-Length: 20
Date: Sat, 31 Mar 2018 19:15:01 GMT

请求标头

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Connection: keep-alive
Host: localhost:9901
Origin: http://localhost:4200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36

推荐答案

CORS请求是由您的前端发出的，以查看您支持的方法(HTTP Verbs)是什么.这通常是用于修改数据的货币操作(例如POST或PUT)所需的.

CORS Request is made by your Frontend to see what are the methods (HTTP Verbs) that your backed allows. This is usually required for monetary operations e.g., POST or PUT which are meant to modify data.

因此，您的前端将首先进行此调用，而后端需要使用允许的方法进行响应，您还可以限制特定的URI，然后在成功验证后进行目标调用.

Hence your Frontend will make this call first and your backend needs to respond with allowed methods, you can also restrict specific URIs, then upon successful validation, the target call is made.

这是完全正常的，角度在内部执行此操作，以便在不知道服务器是否允许的情况下不会发出不必要的数据请求.

This is perfectly normal and angular does this internally so as to not make an unnecessary data request without knowing whether the server will allow.

这是在Spring中进行设置的方式.

Here's how you will set it up in Spring.

    //Change/Customize as necessary
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedOrigin("<your origin>");
        corsConfiguration.setAllowedMethods(Arrays.asList(
                HttpMethod.GET.name(),
                HttpMethod.HEAD.name(),
                HttpMethod.POST.name(),
                HttpMethod.PUT.name(),
                HttpMethod.DELETE.name()));
        corsConfiguration.setMaxAge(1800L);
        source.registerCorsConfiguration("/**", corsConfiguration); // you restrict your path here
        return source;
    }

如果您还从后端使用任何自定义的response headers，则还需要在CORS配置中允许它. 例如

If you are also using any custom response headers from your backend, then you need to allow that as well in the CORS configuration. As an example

    corsConfiguration.addAllowedHeader("*");
    corsConfiguration.addExposedHeader("header1");
    corsConfiguration.addExposedHeader("header2");

这篇关于进行POST请求时的Springboot端点403 OPTIONS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！