Spring Boot Security No 'Access-Control-Allow-Origin' header is present on the requested resource Error [英] Spring Boot Security No 'Access-Control-Allow-Origin' header is present on the requested resource Error

问题描述

我正在使用 Spring Security 构建一个 Spring Boot 应用程序.我有一个使用 JavaScript 的 Fetch API 通过 AJAX 请求完成的删除功能.该功能在 Chrome 和 Firefox 中正常工作，但在 Opera 中会导致问题.正如我所提到的，控制台中显示了请求的资源上不存在‘Access-Control-Allow-Origin’标头"错误.

I'm building a Spring Boot application with Spring Security. I have a delete functionality which is done through AJAX request using JavaScript's Fetch API. The functionality works correctly in Chrome and Firefox, however it causes problem in Opera. As I mentioned, 'No 'Access-Control-Allow-Origin' header is present on the requested resource' error is shown in the console.

我搜索了它，这是因为 CORS，浏览器通常不允许 AJAX 请求到不同的来源，但是删除请求在同一个域中，如果它在 Chrome/Firefox 中有效，我想知道为什么它不能t 在 Opera 中.

I searched for it, it was because of CORS, browsers normally doesn't allow AJAX requests to different origins, however delete request is in the same domain and if it does work in Chrome/Firefox, I wonder why it doesn't in Opera.

现在，我不会分享任何与应用程序相关的代码，只是因为如果核心出现问题，它就不会在其他浏览器中运行，不是吗?但如果任何代码应该共享，请说出来，所以我会分享.但现在，我什至不知道出了什么问题.先谢谢了.

Now, I'm not sharing any code related to application, just because if there was a problem in core, it wouldn't work in other browsers, would it? But in case any code should be shared, please say it, so I'll share. But right now, I don't even know what is wrong. Thanks beforehand.

推荐答案

你可以通过实现Filter来允许你的all header.

You can allow your all header by implementing Filter.

试试这个:

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CORSFilter implements Filter {


    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "*");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "*");
        //response.setHeader("Access-Control-Expose-Headers","yourCustomHeaderIfExist");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, res);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }

}

并在控制器之前添加 @CrossOrigin 注释.

And add @CrossOrigin annotation before your controller.

您也可以尝试添加此 bean:

You can also try with add this bean:

 @Bean
        public WebMvcConfigurer corsConfigurer() {
            return new WebMvcConfigurerAdapter() {
                @Override
                public void addCorsMappings(CorsRegistry registry) {
                    registry.addMapping("/**").allowedOrigins("*").allowedMethods("GET", "POST","PUT", "DELETE");


                }
            };
        }

这篇关于Spring Boot Security No 'Access-Control-Allow-Origin' header is present on the requested resource Error的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！