Spring Cloud - Zuul Proxy正在生成No'Access-Control-Allow-Origin'ajax响应

Question

启动应用程序:

@SpringBootApplication
@EnableZuulProxy
public class ZuulServer {

     public static void main(String[] args) {
         new SpringApplicationBuilder(ZuulServer.class).web(true).run(args);
     }
 }

我的YAML文件是这样的:

server:
   port:8080

spring:
   application:
      name: zuul

eureka:
client:
  enabled: true
    serviceUrl:
       defaultZone: http://localhost:8761/eureka/



zuul:
    proxy:
       route:
         springapp: /springapp

我有一个名为springapp的微服务应用程序(在端口8081上),并有一些休息服务.以下是我的客户端UI应用:

    <html>
    <head>
        <title>TODO supply a title</title>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <script type="text/javascript" src="js/libs/jquery/jquery.min.js" ></script>
    </head>
    <body>
        <script type="text/javascript">
            $.ajax({
                url: 'http://localhost:8080/zuul/springapp/departments',
                type: 'GET'
            }).done(function (data) {
                consoe.log(data);
                document.write(data);
            });
        </script>        

    </body>
</html>

但我得到了一个

XMLHttpRequest cannot load http://localhost:8080/zuul/springapp/departments. No
    'Access-Control-Allow-Origin' header is present on the requested
    resource. Origin 'http://localhost:8383' is therefore not allowed access.

此UI HTML5应用程序位于http:// localhost:8383/SimpleAPp/index.html.CORS,CORS,CORS ......请帮忙.BTW http:// localhost:8080/zuul/springapp/departments在浏览器地址栏上返回一个json列表.spring.io博客在这里说没有必要使用过滤器,因为zuulproxy负责这个,但我不知道它为什么不适合我.

Answer 1

将这段代码添加到使用@EnableZuulProxy注释的类中应该可以解决问题.

@Bean
public CorsFilter corsFilter() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    final CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("OPTIONS");
    config.addAllowedMethod("HEAD");
    config.addAllowedMethod("GET");
    config.addAllowedMethod("PUT");
    config.addAllowedMethod("POST");
    config.addAllowedMethod("DELETE");
    config.addAllowedMethod("PATCH");
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
}

Answer 2

我有一个类似的问题，Angular Web 应用程序使用由 Spring Boot 和 Zuul 和 Spring Security 实现的 RESTful 服务。

上述解决方案均无效。我意识到问题不在于 Zuul，而在于 Spring Security。

正如官方文档（带有 Spring Security 的 CORS）所述，在使用 Spring Security 时，CORS 必须在 Spring Security 之前进行配置。

最后，我能够将 Grinish 尼泊尔（参见先前的答案）的解决方案整合到一个有效的解决方案中。

不用多说，这里是使用 Spring Security 和 Zuul 启用 CORS 的代码：

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        //irrelevant for this problem
        @Autowired
        private MyBasicAuthenticationEntryPoint authenticationEntryPoint;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    //configure CORS -- uses a Bean by the name of     corsConfigurationSource (see method below)
                    //CORS must be configured prior to Spring Security
                    .cors().and()
                    //configuring security - irrelevant for this problem
                    .authorizeRequests()
                        .anyRequest().authenticated()
                        .and()
                    .httpBasic()
                    .authenticationEntryPoint(authenticationEntryPoint);

            //irrelevant for this problem
            http.addFilterAfter(new CustomFilter(),
                    BasicAuthenticationFilter.class);
        }

        //The CORS filter bean - Configures allowed CORS any (source) to any 
        //(api route and method) endpoint
        @Bean
        CorsConfigurationSource corsConfigurationSource() {
            final UrlBasedCorsConfigurationSource source = new     UrlBasedCorsConfigurationSource();
            final CorsConfiguration config = new CorsConfiguration();
            config.setAllowCredentials(true);
            config.addAllowedOrigin(CorsConfiguration.ALL);
            config.addAllowedHeaders(Collections.singletonList(CorsConfiguration.ALL));
            config.addAllowedMethod("OPTIONS");
            config.addAllowedMethod("HEAD");
            config.addAllowedMethod("GET");
            config.addAllowedMethod("PUT");
            config.addAllowedMethod("POST");
            config.addAllowedMethod("DELETE");
            config.addAllowedMethod("PATCH");
            source.registerCorsConfiguration("/**", config);
            return source;
        }

        //configuring BA usernames and passwords - irrelevant for this problem
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws     Exception {
           ...
        }
    }

Answer 3

当您的应用程序运行时,http://localhost:8383您只能进行AJAX调用http://localhost:8383.Zuul没有,也无法改变这一点.

什么Zuul能做的就是如请求映射http://localhost:8383/zuul/到http://localhost:8080/zuul/.但是您的浏览器必须调用http://localhost:8383/zuul/springapp/departments,您必须配置该映射.