axios 使用凭据请求时获取CORS策略错误:Spring REST中的true

ecr0jaav  于 2023-06-22  发布在  iOS
关注(0)|答案(1)|浏览(126)

我的RestController添加了@CrossOrigin,它允许“/signup”,但请求“/login”withCredentials:从前端应用程序获取true
CORS策略已阻止从源“http://localhost:8080”访问位于“http://localhost:8000/api/auth/login”的XMLHttpRequest:对印前检查请求的响应未通过访问控制检查:当请求的凭据模式为“include”时,响应中“Access-Control-Allow-Origin”标头的值不能为通配符“*”。XMLHttpRequest发起的请求的凭据模式由withCredentials属性控制。
我的RestController

@RestController
@RequestMapping("/api/auth")
@CrossOrigin
public class AuthController {
    @Autowired
    private UserService userService;
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private RefreshTokenService refreshTokenService;

    @Autowired
    private JwtService jwtService;

    @PostMapping("/signup")
    public ResponseEntity<?> addNewUser(@RequestBody @Valid User user) throws DataAlreadyPresent {
        return  new ResponseEntity<>(userService.addUser(user),HttpStatus.OK);
    }
    @PostMapping("/login")
    public JwtResponse authenticateAndGetToken(@RequestBody AuthRequest authRequest) {
        Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(authRequest.getEmail(), authRequest.getPassword()));
        if (authentication.isAuthenticated()) {
            RefreshToken refreshToken = refreshTokenService.createRefreshToken(authRequest.getEmail());
            return JwtResponse.builder()
                    .accessToken(jwtService.generateToken(authRequest.getEmail()))
                    .token(refreshToken.getToken()).build();
        } else {
            throw new UsernameNotFoundException("invalid user request !");
        }
    }

my Request from Login.vue方法

async login(){
      await axios.post('http://localhost:8000/api/auth/login',this.authData,{
        withCredentials: true
      })
          .then(res =>{
            console.log(res.data);
          });
    }

正在获取CORS策略错误,而请求withCredentials:Spring REST中的true
如何允许来自我的前端应用程序的请求?

u4dcyp6a

u4dcyp6a1#

已修复,已添加@CrossOrigin(origins = "http://localhost:8080", allowCredentials = "true")
在我的控制器里

相关问题