我正在开发一个使用Spring Boot和Rest接口的Dart前端应用程序。
XMLHttpRequest执行了一个OPTIONS请求,处理得非常正确。在此之后,发出最终的GET("/products")请求并失败:
所请求的资源上没有“Access-Control-Allow-Origin”标头。因此,来自 'http://localhost:63343' 的来源不被允许访问。
经过一些调试,我发现以下信息:
对于所有子类,AbstractHandlerMapping.corsConfiguration都会被填写,除了RepositoryRestHandlerMapping。
在RepositoryRestHandlerMapping中,创建时没有设置corsConfiguration,因此它不会被识别为cors路径/资源。
=> 没有附加CORS标头
这可能是问题吗?我该如何设置?
配置类:
@Configuration
public class RestConfiguration extends RepositoryRestMvcConfiguration {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowCredentials(false).allowedOrigins("*").allowedMethods("PUT", "POST", "GET", "OPTIONS", "DELETE").exposedHeaders("Authorization", "Content-Type");
}
...
}
我甚至尝试通过注释来设置跨域资源共享(Cors):
@CrossOrigin( methods = RequestMethod.GET, allowCredentials = "false")
public interface ProductRepository extends CrudRepository<Product, String> {
}
原始请求标头:
GET /products HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Cache-Control: max-age=0
authorization: Basic dXNlcjpwYXNzd29yZA==
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/43.0.2357.130 Chrome/43.0.2357.130 Safari/537.36
Content-Type: application/json
Accept: */*
Referer: http://localhost:63343/inventory-web/web/index.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
原始响应头:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/hal+json;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 30 Jul 2015 15:58:03 GMT
使用的版本: Spring Boot 1.3.0.M2 Spring 4.2.0.RC2
我错过了什么?
Access-Control-Allow-Credentials:true/false.
Access-Control-Allow-Methods:GET, POST, OPTIONS, DELETE
Access-Control-Allow-Origin:http://____.com
Access-Control-Max-Age:60
我假设Spring Boot会自动处理注释扫描,或者您手动设置了它?我假设这些注释位于某种控制器中,您是否有@Controller注释或某个告诉Spring扫描该类的注释? - Jan Vladimir Mostert@Controller
/@RestController
的顶部,是否能像此示例中那样工作呢?https://spring.io/blog/2015/06/08/cors-support-in-spring-framework - Jan Vladimir Mostert