一尘不染

GWT-没有“ Access-Control-Allow-Origin”标头出现在所请求的资源上

tomcat

我们正在尝试在tomcat上实施CORS过滤器,以允许跨域请求。我们在两个不同的tomcat(不同的机器)上都有两个GWT项目。阅读了CORS过滤器文档CORS之后,我刚刚在tomcat的web.xml文件中添加了CORS过滤器。

 `<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>10</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>`

但是它不起作用。我遇到了另一个与此相关的堆栈问题,但是有点困惑如何在GWT中实现过滤器?

用GWT实施CORS过滤器的实际程序是什么?


阅读 341

收藏
2020-06-16

共1个答案

一尘不染

Filter像下面这样在服务器端扩展并添加类:
注意:这只是一个简单的示例,可以帮助您开始。告知自己有关的安全隐患,如果你不配置它以正确的方式…
检查的最后一部分,这篇文章

public class CORSFilter implements Filter {
    // For security reasons set this regex to an appropriate value
    // example: ".*example\\.com"
    private static final String ALLOWED_DOMAINS_REGEXP = ".*";

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) servletRequest;
        HttpServletResponse resp = (HttpServletResponse) servletResponse;

        String origin = req.getHeader("Origin");
        if (origin != null && origin.matches(ALLOWED_DOMAINS_REGEXP)) {
            resp.addHeader("Access-Control-Allow-Origin", origin);
            if ("options".equalsIgnoreCase(req.getMethod())) {
                resp.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS");
                if (origin != null) {
                    String headers = req.getHeader("Access-Control-Request-Headers");
                    String method = req.getHeader("Access-Control-Request-Method");
                    resp.addHeader("Access-Control-Allow-Methods", method);
                    resp.addHeader("Access-Control-Allow-Headers", headers);
                    // optional, only needed if you want to allow cookies.
                    resp.addHeader("Access-Control-Allow-Credentials", "true");
                    resp.setContentType("text/x-gwt-rpc");
                }
                resp.getWriter().flush();
                return;
            }
        }

        // Fix ios6 caching post requests
        if ("post".equalsIgnoreCase(req.getMethod())) {
            resp.addHeader("Cache-Control", "no-cache");
        }

        if (filterChain != null) {
            filterChain.doFilter(req, resp);
        }
    }

    @Override
    public void destroy() {
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}

不要忘记Filter在Web.xml(在WAR文件内,而不是tomcat web.xml内)文件中添加。

<filter>
    <filter-name>corsFilter</filter-name>
    <filter-class><YourProjectPath>.CORSFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>corsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
2020-06-16