原产地不被访问控制允许来源合法的 - 如何启用CORS使用一个非常简单的网络堆栈和吉斯 [英] Origin is not allowed by Access-Control-Allow-Origin - how to enable CORS using a very simple web stack and guice
问题描述
我不知道,如果问题是涉及到技术,还是我的技术的理解。
I am not sure if the issue is the technologies involved, or my understanding of the technologies.
我已经写在JavaScript和HTML托管在Apache 2.2服务器上的应用HTML5
I have an html5 application written in javascript and html hosted on an apache 2.2 server.
我在使用码头,吉斯,杰克逊用Java编写的Java应用程序,球衣承载了一个简单的REST服务。
I have a java application written in java using jetty, guice, jackson, jersey that hosts a simple REST service.
这两个应用程序在同一机器上运行,另一个在端口80(纯HTML5托管在Apache上的应用程序),另一个在8080(托管在码头/吉斯纯Java应用程序)
Both applications run on the same box, one on port 80 (pure html5 application hosted on apache), the other on 8080 (pure java application hosted on jetty/guice)
我相信答案是在头即时通讯发回。
该CORS头告诉浏览器,你允许外部应用程序打你的API。我似乎无法弄清楚如何配置我的码头,吉斯服务器返回正确的CORS头。
I believe the answer is in the headers im sending back. The CORS headers tell a browser that you allow outside applications to hit your api. I cannot seem to figure out how to configure my Jetty, Guice server to return the correct CORS headers.
我使用的是imbeded Jetty服务器,所以我没有一个web.xml文件与添加标题。
I am using an imbeded Jetty server so I do not have a web.xml file to add the headers with.
这也可能是与如何HTML5的应用程序服务器(在这种情况下的Apache 2.2)是服务于应用程序。
It also might be something to do with how the HTML5 application server (in this case apache 2.2) is serving the application.
Apache的httpd.conf文件的条目:
The apache httpd.conf file has the entry:
LoadModule headers_module modules/mod_headers.so
<IFModule mod_headers>
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE, HEAD
Header add Access-Control-Allow-Headers: X-PINGOTHER
Header add Access-Control-Max-Age: 1728000
</IfModule>
在我的Guice的servlet配置我有以下几点:
in my guice servlet configuration I have the following:
public class RestModule extends ServletModule{
@Override
protected void configureServlets() {
bind(QuestbookService.class);
// hook Jersey into Guice Servlet
bind(GuiceContainer.class);
// hook Jackson into Jersey as the POJO <-> JSON mapper
bind(JacksonJsonProvider.class).in(Scopes.SINGLETON);
Map<String, String> guiceContainerConfig = new HashMap<String, String>();
guiceContainerConfig.put(ResourceConfig.PROPERTY_RESOURCE_FILTER_FACTORIES,
HttpStatusCodeMetricResourceFilterFactory.class.getCanonicalName());
serve("/*").with(GuiceContainer.class, guiceContainerConfig);
}
}
我认为这个问题是在我的吉斯的配置,因为我没有一个地方设置响应标头。
I think the problem is in my guice config since I don't have a place to set the response headers.
我使用的是嵌入式Jetty服务器,因此我想通开发模式将绕过整个检查,但我可能是错的。
I am using an embedded jetty server and thus I figured dev mode would bypass the whole check, but I could be wrong.
感谢您提出的任何建议。
Thank you for any advice.
推荐答案
做我的应用程序的具体要求。服务器需要从客户端seporate完全地seporate。客户端应该能够经由它可以任何方法连接到通信服务器。
Do to the specific requirements of my application. The server needs to be seporate completly seporate from the client. The client should be able to connect to the communication server via any method it can.
由于第一次执行这个应用将是REST驱动的,我需要能够从任何地方接受的休息。
Since the first implementation of this application is going to be REST driven, I need to be able to accept rest from anywhere.
另外,我要完全地XML的配置较少,所以我用吉斯与嵌入Jetty服务器。由于我没有web.xml文件,我无法弄清楚如何设置标题,可让CORS。
In addition, I want a completly xml-less config, so I use Guice with an imbedded Jetty server. Since I do not have a web.xml file, I could not figure out how to set the headers to allow CORS.
试验和错误,以及阅读吉斯文件很多,我发现如何将CORS标头添加到响应而使服务器。
After alot of trial and error, and reading the guice documentation, I found how to add the CORS headers to the response leaving the server.
在吉斯的servlet类,可以过滤器添加到servlet上下文。这让我有所有请求通过一个特定的servlet。
The Guice ServletModule class allows you to add filters to your servlet context. This allows me to have all requests pass through a given servlet.
由于我试图创建一个响应CORS请求的其余部分应用程序,我需要一个添加的CORS头以任何请求的响应的滤波器。眼下,它的响应所有请求,但最终如果服务层200回应我只会回应 - 300响应code
Since I am trying to build a rest application that responds to CORS requests, i needed a filter that added the cors headers to the response of any request. Right now, its responding to all requests, but eventually I will only respond if the service layer responds with a 200 - 300 response code.
因此,为了能够在我的嵌入式服务器采用CORS吉斯我建了一个过滤器,看起来像这样:
So to enable cors in my embedded server using guice I built a filter that looks like this:
@Singleton
public class CorsFilter implements Filter{
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
if(response instanceof HttpServletResponse){
HttpServletResponse alteredResponse = ((HttpServletResponse)response);
addCorsHeader(alteredResponse);
}
filterChain.doFilter(request, response);
}
private void addCorsHeader(HttpServletResponse response){
//TODO: externalize the Allow-Origin
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
response.addHeader("Access-Control-Allow-Headers", "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");
response.addHeader("Access-Control-Max-Age", "1728000");
}
@Override
public void destroy() {}
@Override
public void init(FilterConfig filterConfig)throws ServletException{}
}
吉斯提供了一个抽象类,它允许您配置吉斯的Servlet。
Guice provides an abstract class that allows you to configure the Guice Servlet.
配置模块如下:
public class RestModule extends ServletModule{
@Override
protected void configureServlets() {
bind(MyServiceClass.class);
// hook Jersey into Guice Servlet
bind(GuiceContainer.class);
// hook Jackson into Jersey as the POJO <-> JSON mapper
bind(JacksonJsonProvider.class).in(Scopes.SINGLETON);
Map<String, String> guiceContainerConfig = new HashMap<String, String>();
serve("/*").with(GuiceContainer.class, guiceContainerConfig);
filter("/*").through(CorsFilter.class);
}
}
现在吉斯将增加CORS标头到每个响应。让我的纯HTML 5应用程序去跟它,不管它是被服务。
Now guice will add cors headers to every response. Allowing my pure HTML 5 application to talk to it, no matter where it is being served.
这篇关于原产地不被访问控制允许来源合法的 - 如何启用CORS使用一个非常简单的网络堆栈和吉斯的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
