使用JQuery的WSO2 DAS REST API在“响应预检请求未通过访问控制检查"时崩溃. [英] WSO2 DAS REST API using JQuery crashes on "Response to preflight request doesn't pass access control check"

问题描述

我尝试使用WSO2 DAS 3.0 REST API从我的商店中检索一些数据.使用SoapUI或Chrome扩展REST客户端，API可以正常工作.但是，使用jQuery的Ajax从javascript调用时，它会在相同的原始策略上失败.

I try to use a the WSO2 DAS 3.0 REST API to retreive some data from my store. The API works fine using SoapUI or Chrome extension REST client. However called from javascript using JQuery's Ajax it fail on the same origin policy.

我按照文档所述将过滤器添加到服务器端的web.xml:

I added the filter to the web.xml on the server side as described in documentation:

    <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE,PATCH</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

呼叫看起来像这样:

    $.ajax({
    url: 'https://localhost:9443/analytics/search',
    type: 'POST',
    data: {
        "tableName":"TEST",
        "query":"*:*",
        "start":0,
        "count":100
    },
    headers: {
        Authorization: 'Basic YWRtaW46YWRtaW4=',
    },
    dataType: 'json',
    success: function (data) {
        alert(1);
        //console.info(data);
    }
});

但是，错误消息中未显示允许的来源:

However the allowed origin is not applied as visible from the error message:

XMLHttpRequest cannot load https://localhost:9443/analytics/search. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://myserver' is therefore not allowed access. The response had HTTP status code 403.

有人成功使用JQuery调用API吗?

Anyone sucessfull calling the API using JQuery?

推荐答案

答案很简单，就像JQuery倾向于在预检请求中发送与允许来源相关的标头一样，向服务器端过滤器添加其他参数.配置应如下所示:

The answer is as simple as adding an additional param to the server-side filter as JQuery tends to send allow-origin related headers in the preflight request. The configuration should look like this:

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE,PATCH</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,authorization</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

这篇关于使用JQuery的WSO2 DAS REST API在“响应预检请求未通过访问控制检查"时崩溃.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！