使用Content-Type：application / json时，对Activiti REST API的POST请求会导致CORS问题 [英] POST request to Activiti REST API causes CORS issue when using Content-Type:application/json

问题描述

我正在使用AngularJS来使用Activit REST资源。所有GET操作都按预期工作，但是当我尝试使用Content-Type：application / json POST到/ runtime / process-instances时，它在预检上失败了。如您所见，响应头中没有Access-Control-Allow-Origin。

I'm using AngularJS to consume Activit REST resources. All GET operations works as expected but, when I try to POST to /runtime/process-instances with Content-Type:application/json, it fails on the preflight. As you can see, there's no 'Access-Control-Allow-Origin' in the response header.

当我将Content-Type更改为application / x-www-form-urlencoded; charset = utf-8时，例如，'Access-Control-Allow-Origin'出现在响应头中，但据我们所知，我的POST赢了因为API期望它有一个内容类型：application / json

When I change the Content-Type to application/x-www-form-urlencoded;charset=utf-8, for example, the 'Access-Control-Allow-Origin' comes in the response header but as we know, my POST won't work as API expects it to have a content-type:application/json

我怎样才能得到围绕这个问题？

How can I get around the issue?

感谢任何输入！

推荐答案

自Activiti以来5.17，Activiti使用Spring Security来保护REST-API。如果您发送在Tomcat CORS-Configuration中的allowed-headers字段中传播的标头，则只会触发Tomcat CORS-Filter。我没有成功地在每个请求上触发CORS过滤器。因此，我这样做了：

Since Activiti 5.17, Activiti uses Spring Security to protect the REST-APIs. The Tomcat CORS-Filter only gets triggered if you send headers propagated in the allowed-headers field in the Tomcat CORS-Configuration. I did not succeed in triggering the CORS-filter on every request. Therefore, I did it this way:

1. 编写自己的CORS-Filter

1. Write your own CORS-Filter

公共类CorsFilter扩展OncePerRequestFilter {

public class CorsFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {

        response.setHeader("Access-Control-Allow-Origin", "*");
        if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
            response.setHeader("Access-Control-Allow-Headers", "accept, x-requested-with, Content-Type, Accept-Language, Accept-Encoding ,Origin, Access-Control-Request-Method ,Access-Control-Request-Headers, Last-Modified, Cookie, Referer");
            response.setHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Origin,Accept-Ranges,Content-Encoding,Content-Length,Content-Range");
            response.setHeader("Access-Control-Max-Age", "100");
        }

        filterChain.doFilter(request, response);
    }

}

添加过滤器activiti-rest-webapp2中的Spring配置：

Add the filter in the Spring Configuration in the activiti-rest-webapp2:

http.addFilterBefore（new CorsFilter （），ChannelProcessingFilter.class）

和 .antMatchers（HttpMethod.OPTIONS，/ **）。 permitAll（）

需要在没有spring认证的情况下传递选项请求，否则CORS预检请求将失败。

The options requests need to be passed without spring authentication because otherwise, the CORS preflight requests will fail.

如果你这样做，Activiti会在你发出的每个请求中添加Access-Control-Allow-Origin。

If you do it this way, Activiti will add the Access-Control-Allow-Origin on every request you make.

最好的问候
Ben

Best regards Ben

这篇关于使用Content-Type：application / json时，对Activiti REST API的POST请求会导致CORS问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！