我觉得我尝试了所有的方法,我真的要放弃Java了,哈哈。我试过通过在服务器响应中添加access-control-allow-origin,改变头类型,修改cors设置来修复它。
@Configuration
public class CorsConfiguration implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedMethods("*")
.allowedHeaders("*")
.allowCredentials(true);
}
}
中间件(过滤器)确保用户是管理员(通过读取标题"授权"):
@Component
public class AuthAdmin extends OncePerRequestFilter {
private static final String[] excluded_urls = {
"/user/**", "/product/**"
};
AntPathMatcher pathMatcher = new AntPathMatcher();
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
// response.addHeader("Access-Control-Allow-Origin", "*");
System.out.println("Headers: "+ request.getHeader("Authorization"));
// output: 'Headers: null'
我用axios在javascript中发出请求:
axios.get(`${SERVER_URL}/service`, {
headers: { 'Authorization': `Bearer ${localStorage.getItem('token')}` }
})....
这将导致CORS错误,并且授权标题显示为空。错误如下:Access to XMLHttpRequest at 'http://localhost:8080/service' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
- 但如果我加上:**
response.addHeader("Access-Control-Allow-Origin", "*");
,
- 结果是:**
The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed
。我不知道为什么它仍然不工作。我该怎么办?如果我禁用过滤器,那么每个请求都可以顺利通过,包括头文件,所以是过滤器破坏了它。
- 结果是:**
1条答案
按热度按时间8i9zcol21#
您可以先尝试使用postman进行测试,或者查看浏览器发送了多少请求。
在Vue中,在发送 AJAX 请求之前会发送一个option请求,如果option请求失败,就不会发送真实的的ajax请求。