spring boot版本2.4.0中cors策略的更改

zbdgwd5y  于 2021-07-11  发布在  Java
关注(0)|答案(1)|浏览(370)

使用spring 2.3.0.release,我得到了以下cors配置:

@Configuration
@EnableWebSecurity
@ComponentScan("com.softeq.ems.config")
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class EmsJwtSecurityConfig extends BaseSecurityConfig {

    @Value("${management.endpoints.web.cors.allowed-origins}")
    private String[] allowedOrigins;

    @Override
    protected void configureHttp(HttpSecurity http) throws Exception {
        if (allowedOrigins.length > 0) {
            http.cors().configurationSource(corsConfigSource());
        }

        http.csrf().disable();
    }

    private CorsConfigurationSource corsConfigSource() {

        final CorsConfiguration corsConfig = new CorsConfiguration();
        corsConfig.addAllowedHeader(CorsConfiguration.ALL);
        corsConfig.addAllowedMethod(CorsConfiguration.ALL);

        Stream.of(allowedOrigins).forEach(
            origin -> corsConfig.addAllowedOrigin(origin)
        );

        return request -> corsConfig;
    }

变量 management.endpoints.web.cors.allowed-origins = http://localhost:4200, http://127.0.0.1:4200 这个配置运行良好,我需要的所有跨平台请求都得到了授权。
但在发布后迁移到spring boot 2.4.0之后,当我像往常一样尝试向主机发送请求时,chrome浏览器控制台中出现了经典的cors策略错误:

Access to XMLHttpRequest at 'http://localhost:8080/api/v1/me/balance' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status

spring发行说明说cors配置提供了一个新的属性 allowedOriginPatterns ,但我不知道如何使用它:https://github.com/spring-projects/spring-framework/wiki/what%27s-new-in-spring-framework-5.x#general-web修订
请帮我找出我的问题所在!

uelo1irk

uelo1irk1#

我是这样做的:

@Configuration
@Profile("!production")
class CorsConfig : WebMvcConfigurer {
    override fun addCorsMappings(registry: CorsRegistry) {
        registry
            .addMapping("/**")
            .allowedOriginPatterns("http://localhost:3000")
    }
}

相关问题