部署到 Google App Engine 时 Spring Boot CORS 配置不起作用

Question

我有 2 个 GAE，一个是 Spring Boot 后端，另一个是 Vue.js 前端。当我在本地测试它时，CORS 配置工作正常，但是当我部署到 GAE 时，我得到以下响应：

Access to fetch at BACKEND/function from origin FRONTEND has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

我的 Spring Security CORS 配置如下所示：

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity security) throws Exception {
        security.cors().and().csrf().disable().httpBasic().disable();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList(frontend-url));
        configuration.setAllowedMethods(Arrays.asList("POST"));
        configuration.setAllowedHeaders(Arrays.asList("*")); 
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

我已经坚持了将近一天，现在任何帮助都将不胜感激。如果您需要更多信息，请告诉我。

Answer 1

尝试设置allowed headers并考虑configuration.setExposedHeaders：

configuration.setAllowedHeaders(Arrays.asList("Access-Control-Allow-Origin", "Origin"));

也许您需要将GET 添加到allowed methods：

configuration.setAllowedMethods(Arrays.asList("GET", "POST"));