【发布时间】:2018-04-04 13:45:12
【问题描述】:
请有人帮忙解决问题: 后端弹簧应用 web.xml
<filter>
<filter-name>corsFilter</filter-name>
<filter-class>package.controllers.auth.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>corsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
过滤器
public class CorsFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("Access-Control-Allow-Origin", "*,*");
httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
httpResponse.setHeader("Access-Control-Allow-Headers", "Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,Access-Control-Allow-Origin");
httpResponse.setHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Credentials");
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpResponse.setHeader("Access-Control-Max-Age", "10");
System.out.println("---CORS Configuration Completed---");
chain.doFilter(request, response);
}
角度前端:
let headers = new Headers({ 'Content-Type': 'application/json' });
let options = new RequestOptions({ headers: headers });
return this.http.post(AppSettings.API_ENDPOINT + '/url', JSON.stringify(user), options)
.map(response => response.json())
}
浏览器返回问题:
对预检请求的响应未通过访问控制检查: 'Access-Control-Allow-Origin' 标头包含多个值
【问题讨论】:
-
更改此:
httpResponse.setHeader("Access-Control-Allow-Origin", "*,*")...仅此:httpResponse.setHeader("Access-Control-Allow-Origin", "*")浏览器要求Access-Control-Allow-Origin值是单个*通配符(表示允许任何来源)或单个起源;例如,Access-Control-Allow-Origin: https://foo.com.