已被CORS政策阻止:对预检请求的响应未通过 [英] has been blocked by CORS policy: Response to preflight request doesn't pass

问题描述

我使用angular和springboot创建了一个应用程序，用于通过Spring安全性进行基本身份验证，但是我遇到了401错误..i我是springboot的新手

I have created one app using angular and springboot for basic authentication with spring security but i am getting 401 error ..i am novice in springboot

@Configuration
@EnableWebSecurity
public class SpringSecurityConfigurationBasicAuth extends WebSecurityConfigurerAdapter{ 

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS,"/**").permitAll()
                .anyRequest().authenticated()
                .and()
            //.formLogin().and()
            .httpBasic();
    }
}

通过' http://localhost:8080/hello-world来源' http://localhost:4200 的/path-variable/MSD '已被阻止CORS政策:对预检请求的响应未通过访问控制检查:它没有HTTP正常状态."

"Access to XMLHttpRequest at 'http://localhost:8080/hello-world/path-variable/MSD' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status."

推荐答案

您可以尝试以下方法在 controller 的顶部，您可以添加 @CrossOrigin(origins ="*"，allowedHeaders ="*")或根据需要进行自定义

You could try the following At the top of the controller, you can add @CrossOrigin(origins = "*", allowedHeaders = "*") or customise if required

...
@CrossOrigin(origins = "*", allowedHeaders = "*")
@RestController
public class UserController {
    // Methods
}
...

请尝试上述解决方案，让我知道这是否无效

Please try above solution and let me know if this doesnt work

您也可以尝试使用 CORS 选项创建过滤器:

EDIT 1: You could also try to create a filter with CORS options:

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(1)
public class SimpleCORSFilter implements Filter {

    private final Logger log = LoggerFactory.getLogger(SimpleCORSFilter.class);

    public SimpleCORSFilter() {
        log.info("SimpleCORSFilter init");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {

        // HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");

        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }

}

请尝试使用 filters 方法，并让我知道它是否无效

Please try with the filters method and let me know if it doesn't work

这篇关于已被CORS政策阻止:对预检请求的响应未通过的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！