使用 CORS 的 OPTIONS 请求宁静的跨域 [英] OPTIONS request for restful cross-domain using CORS
问题描述
在客户端,我将 Ajax.post (jquery 1.5) 与 json 一起使用.在服务器端,我使用的是 resteasy-jaxrs-2.0.1.GA.我发现某处我应该在服务器响应中添加几个标头,并且我已经完成了以下过滤器:
On client side I'm using Ajax.post (jquery 1.5) with json. On server side I'm using rest resteasy-jaxrs-2.0.1.GA. I found somewhere that i should add couple of headers to server response and I've done with following filter:
public void doFilter( ServletRequest req,
ServletResponse res,
FilterChain filterChain)
throws IOException, ServletException {
MyServletRequestWrapper httpReq = new MyServletRequestWrapper((HttpServletRequest)req);
HttpServletResponse httpRes = (HttpServletResponse)res;
HttpSession session = httpReq.getSession();
httpRes.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, "*");
httpRes.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
if (((HttpServletRequest) req).getMethod().equals("OPTIONS")){
httpRes.addHeader(ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, OPTIONS, PUT, DELETE");
httpRes.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, "content-type, x-requested-with, x-requested-by");
}
filterChain.doFilter(httpReq, httpRes);
}
它工作正常,因为上面的每个 GET 响应都添加了标头.当我想使用 POST 请求时出现问题.当我使用 Ajax.post 时,首先服务器收到 OPTIONS 请求,并且出现以下错误:
It works fine cause to every single GET response above headers are added. Problem appears when I want to use POST request. When I use Ajax.post, at first server gets OPTIONS request and I've got following error:
<代码>执行 OPTIONS [REST_PATH] 失败org.jboss.resteasy.spi.DefaultOptionsMethodException: 找不到选项的资源方法,返回 OK 并带有 Allow 标头
为了解决上述错误,我尝试使用与 POST ([REST_PATH]) 相同的路径但使用 @OPTION 注释添加方法调用.在那种情况下,javac 告诉我找不到符号 :class OPTIONS,即使附加的 jaxrs 库中有一个 OPTION.class.
To solve above error I was trying to add method invoke with the same path as POST ([REST_PATH]) but with @OPTION annotation. In that case javac told me that symbol :class OPTIONS could not be found, even there is a OPTION.class in attached jaxrs library.
有什么解决办法吗?如果有任何线索,我将不胜感激.
Any ideas to fix it? I would be very grateful for any clues.
推荐答案
当我尝试使用 Angular 2 客户端调用我的服务时,RestEasy 以 HTTP 状态 500 和以下错误响应预检请求.
When I was trying to call my service with an Angular 2 client RestEasy was responding to the preflight requests with the HTTP status 500 and the following error.
RESTEASY003655:找不到选项的资源方法,返回 OK允许标题
RESTEASY003655: No resource method found for options, return OK with Allow header
我试过 RestEasy 的 CorsFilter 但我想提出一个简单的替代方案.如果您不想为每个端点编写处理 OPTIONS 调用的代码怎么办?
I tried RestEasy's CorsFilter but I'd like to propose a simple alternative. What if you don't want to write code handling the OPTIONS call for each of your endpoints ?
我实现了一个简单的过滤器:
I implemented a simple filter that:
- 将您需要的 CORS 标头应用于响应.
- 使用 OPTIONS 方法调用端点时返回 HTTP 状态代码 200.您告诉客户其 CORS 预检请求已被接受.
这里是代码.如果您只想在查询真实"端点时返回 200,请随意优化过滤器.
Here is the code. Feel free to refine the filter if you only want to send back a 200 when querying a "real" endpoint.
@Provider
public class CorsFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
MultivaluedMap<String, Object> headers = responseContext.getHeaders();
headers.add("Access-Control-Allow-Origin", "*"); // If you want to be more restrictive it could be localhost:4200
headers.add("Access-Control-Allow-Methods", "GET, PUT, POST, OPTIONS"); // You can add HEAD, DELETE, TRACE, PATCH
headers.add("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept, Accept-Language"); // You can add many more
if (requestContext.getMethod().equals("OPTIONS"))
responseContext.setStatus(200);
}}
确保也了解CORS.
这篇关于使用 CORS 的 OPTIONS 请求宁静的跨域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!