那些遇到过的问题

Tomcat CORS:预检成功,但实际请求失败,403禁止

nag*_*agu 4 javascript apache tomcat google-chrome cors

我的REST服务部署在Tomcat 7.0.64(http:// localhost:8080/xxx)下.我使用HTML页面源代码的JavaScript库来调用这些服务.这些HTML页面由另一个orgin(http:// localhost:9090/html/yyy.html)提供.

要在服务器上启用跨源请求,我在web.xml中配置了CORSFilter,如下所示:

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT,PATCH,DELETE</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-CUSTOM1,X-CUSOM2,X-CUSTOM3</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials,X-CUSTOM3</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>cors.preflight.maxage</param-name>
        <param-value>10</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>*</url-pattern>
</filter-mapping>
Run Code Online (Sandbox Code Playgroud)

从RequestDumper的以下输出中,您可以注意到来自浏览器的预检请求已收到成功响应(200).但是,403 Forbidden后面的实际请求失败了:

预检请求和响应

http-apr-8080-exec-6 ===============================================================
http-apr-8080-exec-8 START TIME        =26-Sep-2015 21:28:53
http-apr-8080-exec-8         requestURI=/xxxx/zzzz
http-apr-8080-exec-8           authType=null
http-apr-8080-exec-8  characterEncoding=null
http-apr-8080-exec-8      contentLength=-1
http-apr-8080-exec-8        contentType=null
http-apr-8080-exec-8        contextPath=/xxxx
http-apr-8080-exec-8             header=host=localhost:8080
http-apr-8080-exec-8             header=connection=keep-alive
http-apr-8080-exec-8             header=pragma=no-cache
http-apr-8080-exec-8             header=cache-control=no-cache
http-apr-8080-exec-8             header=access-control-request-method=POST
http-apr-8080-exec-8             header=origin=http://localhost:9090
http-apr-8080-exec-8             header=user-agent=Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.42 Safari/537.36
http-apr-8080-exec-8             header=access-control-request-headers=x-custom1, x-custom2
http-apr-8080-exec-8             header=accept=*/*
http-apr-8080-exec-8             header=referer=http://localhost:9090/html/yyyy.html
http-apr-8080-exec-8             header=accept-encoding=gzip, deflate, sdch
http-apr-8080-exec-8             header=accept-language=en-US,en;q=0.8,ta;q=0.6
http-apr-8080-exec-8             locale=en_US
http-apr-8080-exec-8             method=OPTIONS
http-apr-8080-exec-8           pathInfo=null
http-apr-8080-exec-8           protocol=HTTP/1.1
http-apr-8080-exec-8        queryString=null
http-apr-8080-exec-8         remoteAddr=127.0.0.1
http-apr-8080-exec-8         remoteHost=127.0.0.1
http-apr-8080-exec-8         remoteUser=null
http-apr-8080-exec-8 requestedSessionId=null
http-apr-8080-exec-8             scheme=http
http-apr-8080-exec-8         serverName=localhost
http-apr-8080-exec-8         serverPort=8080
http-apr-8080-exec-8        servletPath=/zzzz
http-apr-8080-exec-8           isSecure=false
http-apr-8080-exec-8 ------------------=--------------------------------------------
http-apr-8080-exec-8 ------------------=--------------------------------------------
http-apr-8080-exec-8           authType=null
http-apr-8080-exec-8        contentType=null
http-apr-8080-exec-8             header=Access-Control-Allow-Origin=http://localhost:9090
http-apr-8080-exec-8             header=Access-Control-Allow-Credentials=true
http-apr-8080-exec-8             header=Access-Control-Max-Age=10
http-apr-8080-exec-8             header=Access-Control-Allow-Methods=POST
http-apr-8080-exec-8             header=Access-Control-Allow-Headers=content-type,x-custom1,access-control-request-headers,accept,access-control-request-method,x-custom2,origin,x-custom3,x-requested-with
http-apr-8080-exec-8         remoteUser=null
http-apr-8080-exec-8             status=200
http-apr-8080-exec-8 END TIME          =26-Sep-2015 21:28:53
http-apr-8080-exec-8 ===============================================================
Run Code Online (Sandbox Code Playgroud)

实际请求和响应 - 403 Forbidden失败

http-apr-8080-exec-9 START TIME        =26-Sep-2015 21:28:53
http-apr-8080-exec-9         requestURI=/xxxx/zzzz
http-apr-8080-exec-9           authType=null
http-apr-8080-exec-9  characterEncoding=null
http-apr-8080-exec-9      contentLength=0
http-apr-8080-exec-9        contentType=null
http-apr-8080-exec-9        contextPath=/xxxx
http-apr-8080-exec-9             header=host=localhost:8080
http-apr-8080-exec-9             header=connection=keep-alive
http-apr-8080-exec-9             header=content-length=0
http-apr-8080-exec-9             header=pragma=no-cache
http-apr-8080-exec-9             header=cache-control=no-cache
http-apr-8080-exec-9             header=origin=http://localhost:9090
http-apr-8080-exec-9             header=x-custom1=aaaaa
http-apr-8080-exec-9             header=x-custom2=bbbbb
http-apr-8080-exec-9             header=user-agent=Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.42 Safari/537.36
http-apr-8080-exec-9             header=accept=*/*
http-apr-8080-exec-9             header=referer=http://localhost:9090/html/yyyy.html
http-apr-8080-exec-9             header=accept-encoding=gzip, deflate
http-apr-8080-exec-9             header=accept-language=en-US,en;q=0.8,ta;q=0.6
http-apr-8080-exec-9             locale=en_US
http-apr-8080-exec-9             method=POST
http-apr-8080-exec-9           pathInfo=null
http-apr-8080-exec-9           protocol=HTTP/1.1
http-apr-8080-exec-9        queryString=null
http-apr-8080-exec-9         remoteAddr=127.0.0.1
http-apr-8080-exec-9         remoteHost=127.0.0.1
http-apr-8080-exec-9         remoteUser=null
http-apr-8080-exec-9 requestedSessionId=null
http-apr-8080-exec-9             scheme=http
http-apr-8080-exec-9         serverName=localhost
http-apr-8080-exec-9         serverPort=8080
http-apr-8080-exec-9        servletPath=/zzzz
http-apr-8080-exec-9           isSecure=false
http-apr-8080-exec-9 ------------------=--------------------------------------------
http-apr-8080-exec-9 ------------------=--------------------------------------------
http-apr-8080-exec-9           authType=null
http-apr-8080-exec-9        contentType=text/plain
http-apr-8080-exec-9         remoteUser=null
http-apr-8080-exec-9             status=403
http-apr-8080-exec-9 END TIME          =26-Sep-2015 21:28:53
http-apr-8080-exec-9 ===============================================================
Run Code Online (Sandbox Code Playgroud)

我使用Chrome作为浏览器.

我想知道,当预检请求成功时,实际响应是否可能被禁止403?

另请注意,我已经测试过从Chrome插件Postman发送相同的请求,我可以成功获得预期的响应,而不会出现403错误.

我经历了以下流程:Tomcat CORSFilter流程图.我不清楚这里出了什么问题.感谢您在解决问题方面的帮助.谢谢.

小智 7

我遇到了完全相同的问题.解决方案实际上非常简单.

" 我注意到HTTP POST请求以某种方式需要填充Content-Type HTTP标头. "

尝试在POST请求中添加Content-Type.

归档时间:

查看次数:

3382 次

最近记录:

10 年 前
相关归档
如何使用JavaScript/jQuery获取表单数据? 373
在浏览器中规范鼠标滚轮速度 139
XSLT文档功能在chrome中不起作用 13
如何解决库冲突(apache commons-codec) 7
可以模拟 Chrome 中缺少某些系统功能(例如网络摄像头)的情况吗? 7
Chrome 尝试将简单的 html 文档打印为 31K+ 空页 7
Javascript中本机内存和堆内存的区别解释 5
如何从命令行启用 Chrome 功能? 5
我可以在 Chrome DevTools 中查看动态生成的 CSS 源吗? 4
Tomcat 10 抛出 java.lang.ClassNotFoundException:javax.servlet.http.HttpServlet 3
难疑归档
检测未定义的对象属性 2742
如何在不手动指定编码的情况下在C#中获得字符串的一致字节表示? 2121
是否有标准函数来检查JavaScript中的null,undefined或blank变量? 2088
数据绑定如何在AngularJS中运行? 1924
如何在Linux中对文件进行符号链接? 1865
查看未发布的Git提交 1649
编译用于高放射性环境的应用程序 1414
显示屏上的转换:属性 1322
在Node.js中读取环境变量 1240
有哪些常用的命名git分支实例的例子? 1034