即使存在所有CORS标头，也会出现跨源资源共享问题 [英] Cross Origin Resource sharing issue even when all the CORS headers are present

问题描述

即使我已经通过以下提供的 CORS标题添加了我的服务响应：

even though i have appended my service response with following provided CORS Headers :

resp.setContentType("application/json");
resp.addHeader("Access-Control-Allow-Origin", "*");
resp.addHeader("Access-Control-Allow-Credentials", "true");
resp.addHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS");
resp.addHeader("Access-Control-Allow-Headers", "Origin,accept,content-type");
resp.flushBuffer();

在尝试访问某些 POST <时，我仍然在控制台中出现以下错误/ B>通过我的AngularJS前端服务中的Web方法。

i am still getting below error in the console while trying to access some of the POST web methods in the service through my AngularJS frontend.

XMLHttpRequest cannot load http://192.***.*.***:8080/abc/def/search/vehicleManufacturer. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.***.*.***:8085' is therefore not allowed access.

但是在同一个类中，没有任何有效负载的某些 POST 方法正在响应完美。有什么建议吗？

However within the same class, some POST methods without any payloads are responding perfectly. Any suggestions ?

编辑--------->

EDIT--------->

下面是我的AngularJS客户端屏幕调用Web方法的代码： -

Below is my AngularJS client screen code for calling the web method:-

getVehicleModel : function(searchData,$scope){
     $http({
         method:'POST',
         url:'http://192.169.*.***:8085/abc/def/search/vehicleModel',
         dataType:'jsonp',
         data:searchData

     }).
     success(function(data){
         console.log("vehicle model")
         $scope.vehicleModel = data.Response;

     });


},

推荐答案

我认为这里的问题是 Preflighted Requests 在CORS。

I think the problem here is Preflighted Requests in CORS.

从Mozilla文档中，

From the Mozilla docs,

与简单请求不同（讨论过）上面），preflighted请求首先
通过OPTIONS方法向
其他域上的资源发送HTTP请求，以确定实际请求是否安全
发送。跨站点请求是这样预检的，因为它们可能
对用户数据有影响。特别是，如果出现以下情况，请求是
预检：

Unlike simple requests (discussed above), "preflighted" requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send. Cross-site requests are preflighted like this since they may have implications to user data. In particular, a request is preflighted if:

• 它使用GET，HEAD或POST以外的方法。此外，如果POST用于发送内容类型不是

• It uses methods other than GET, HEAD or POST. Also, if POST is used to send request data with a Content-Type other than

• application / x-www-form-urlencoded，


• multipart / form-data


• text / plain

例如如果POST请求使用application / xml或text / xml将XML有效负载发送到服务器，则该请求将被预检。

e.g. if the POST request sends an XML payload to the server using application/xml or text/xml, then the request is preflighted.

它设置自定义标头请求（例如请求使用标题，如X-PINGOTHER）

It sets custom headers in the request (e.g. the request uses a header such as X-PINGOTHER)

As如上所述，即使你正在做一个简单的POST请求，你的请求中的Content-Type是 application / json ，这与上面提到的3种类型不同，所以它是被视为预检请求，OPTIONS请求在您的实际POST请求之前被触发。

As explained above, even though you're making a simple POST request, the Content-Type in your request is application/json which is different from the 3 types mentioned above, so it's considered as a Preflight request and an OPTIONS request is fired before your actual POST request.

您可以通过实施 doOptions 在你的servlet中，只需在那里添加标题即可。）

You can solve this by implementing doOptions in your servlet, just add the headers there and it will work :)

这篇关于即使存在所有CORS标头，也会出现跨源资源共享问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！