【发布时间】:2019-12-25 04:27:30
【问题描述】:
我有一个 Angular 4 应用程序,可以显示用户的信息资料。该应用程序位于https://www.myapp.com,但用户的头像位于https://s3-sa-east-1.amazonaws.com/xxxx.png。 Angular 应用程序向我的 Spring Boot 后端发出 Get 请求以获取用户配置文件信息,但配置文件图像未加载,浏览器显示以下错误:
跨域读取阻塞 (CORB) 阻止了跨域响应 https://s3-sa-east-1.amazonaws.com/xxxx.png MIME 类型应用程序/xml。看 https://www.chromestatus.com/feature/5629709824032768 了解更多 详情。
我的问题是如何配置我的 Spring Boot 应用程序以防止跨域读取阻塞 (CORB)?
接下来我展示我的 spring 应用程序的安全设置:
@Configuration
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {
private UserDetailsService userDetailsService;
private BCryptPasswordEncoder bCryptPasswordEncoder;
public WebSecurity(UserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
this.userDetailsService = userDetailsService;
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable()
.authorizeRequests().antMatchers(HttpMethod.POST, USER_REGISTRATION_URL).permitAll()
.antMatchers(HttpMethod.POST, RETURN_DATA).permitAll()
.anyRequest().authenticated()
.and().addFilter(new JWTAuthenticationFilter(authenticationManager(), getApplicationContext()))
.addFilter(new JWTAuthorizationFilter(authenticationManager(), getApplicationContext()))
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.addAllowedOrigin("*");
configuration.addAllowedHeader("*");
configuration.setAllowedMethods(Arrays.asList("GET","POST","PUT","PATCH","DELETE","OPTIONS"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
我想了解为什么会发生这种情况,尽管显示了配置,这应该足够了。
非常感谢!
【问题讨论】:
标签: angular spring spring-boot spring-security cors