如何指定 CORS 的响应标头?
我正在春季构建一个后端 REST API,而我的朋友正在构建一个 Angular JS 前端应用程序来调用我的 API.我有一个带有键 Authorization
的令牌标头和一个可以访问的值服务,否则它会拒绝.从邮递员和 REST 客户端我能够接收 API,但是在测试时他说他在预检时收到 401 Unauthorized Error.下面是我的 doFilterInternal 方法.
I am building a backend REST API in spring and my friend is building a Angular JS front end app to call my API.I have a token header with key Authorization
and a value which gives access to the service otherwise it refuses.From Postman and REST client I am able to receive the API but when tested he says he gets 401 Unauthorized Error on preflight.Below is my doFilterInternal method.
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers","Content-Type, Accept, X-Requested-With, Authorization");
}
但是当他在 Angular JS 中使用令牌调用 API 时,他得到了
But when he calls the API with the token in Angular JS he gets
所以我跟着这个答案这里 我添加了属性
So I followed this answer here and I added the property
spring.mvc.dispatch-options-request=true
在 application.properties.But stillt 他的错误似乎就像
in the application.properties.But stillt he error seems to be like
预检响应包含无效的 https 状态代码 401
感谢任何帮助.
推荐答案
这是避免预检错误的过滤器
Here is the filter which avoid the preflight error
@Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws ServletException, IOException {
LOG.info("Adding CORS Headers ........................");
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
res.setHeader("Access-Control-Max-Age", "3600");
res.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization");
res.addHeader("Access-Control-Expose-Headers", "xsrf-token");
if ("OPTIONS".equals(req.getMethod())) {
res.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
从帖子中找到它 Cross Origin Request Blocked Spring MVC Restful Angularjs
相关文章