一尘不染

如何为CORS指定响应头?

spring-boot

我在春天建立了一个后端REST API,我的朋友正在建立一个Angular
JS前端应用程序来调用我的API,我有一个带有密钥的令牌头Authorization和一个可以访问该服务的值,否则它将被拒绝。来自Postman和REST客户端我可以接收API,但经过测试后,他说他在飞行前得到401
Unauthorized Error。下面是我的doFilterInternal方法。

protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers","Content-Type, Accept, X-Requested-With, Authorization");
}

但是当他用Angular JS中的令牌调用API时,他得到了

spring.mvc.dispatch-options-request=true

在application.properties.But仍然他错误似乎是

飞行前的响应具有无效的https状态代码401

任何帮助表示赞赏。


阅读 672

收藏
2020-05-30

共1个答案

一尘不染

这是避免预检错误的过滤器

        @Override
        protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws ServletException, IOException {
            LOG.info("Adding CORS Headers ........................");        
            res.setHeader("Access-Control-Allow-Origin", "*");
            res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
            res.setHeader("Access-Control-Max-Age", "3600");
            res.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization");
            res.addHeader("Access-Control-Expose-Headers", "xsrf-token");
            if ("OPTIONS".equals(req.getMethod())) {
             res.setStatus(HttpServletResponse.SC_OK);
            } else { 
             chain.doFilter(req, res);
            }        
        }

从发布跨源请求阻止Spring MVC Restful Angularjs中找到它

2020-05-30