Spring Boot的CORS问题

Question

我有一个在端口8443上运行的Spring Boot应用程序,在端口8080上有一个基于angular2的前端.我需要我的前端向我的Spring服务器发出请求,但是我左右收到CORS错误.我已将@CrossOrigin注释添加到我的RestController方法中,并且已将CORSFilter添加到我的项目中,并将其映射到web.xml,但在Firefox 46.0a2 上,我仍然在控制台上收到此错误:

跨源请求已阻止:同源策略禁止在https:// localhost:8443/allEquips读取远程资源.(原因:缺少CORS标题'Access-Control-Allow-Origin').

我的控制器的相关部分:

@CrossOrigin
@RequestMapping("/allequips")
List<String> allequips(Model model) {
    List<String> codes = equipmentRepository.findAllEquipments();
    return codes;
}

CORSFilter:

public class CORSFilter implements Filter{
     public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
            HttpServletResponse response = (HttpServletResponse) res;
            response.setHeader("Access-Control-Allow-Origin", "*");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
            chain.doFilter(req, res);
        }
        public void init(FilterConfig filterConfig) {}
        public void destroy() {}
}

映射web.xml:

  <filter>
  <filter-name>cors</filter-name>
  <filter-class>config.CORSFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>cors</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

我不知道这是否重要,但是正在发出http请求的Angular2代码:

@Injectable()
export class EquipService {
    equips: Array<Equip>;

    constructor(public http: Http) {
        console.log('Equip service created.', http);
    }

    getEquips() {
        return this.http.get(WebServiceEndPoint+'allEquips')
        .map((responseData) => {
            return responseData.json();
        }).map((equips: Array<any>) => {
            let result: Array<Equip> = [];
            if(equips) {
                equips.forEach((equip) => {
                    result.push(new Equip(equip.code));
                });
            }
            return result;
        }).subscribe( res => this.equips = res);
    }
}

我错过了一些配置吗？我的代码有什么不对吗？

编辑:我放弃并从之前的提交重新启动.在那之后,简单地添加@Cross-Origin就足够了.

Answer 1

第一种方法: - 如果您使用的是spring boot,则创建一个扩展webmvcconfigurereAdapter的新类

 @Configuration
 @ComponentScan
 @EnableWebMvc

 public class ApplicationConfig extends WebMvcConfigurerAdapter {

     @Override
   public void addCorsMappings(CorsRegistry registry) {
   // Can just allow `methods` that you need.
   registry.addMapping("/**").allowedMethods("PUT", "GET", "DELETE", "OPTIONS", "PATCH", "POST");
    }
}

第二种方法: - 您也可以在@springBootApplication类中添加它.不需要xml.

@Bean
     public CorsFilter corsFilter() {
         final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         final CorsConfiguration config = new CorsConfiguration();
         config.setAllowCredentials(true);
         config.addAllowedOrigin("*"); // this allows all origin
         config.addAllowedHeader("*"); // this allows all headers
         config.addAllowedMethod("OPTIONS");
         config.addAllowedMethod("HEAD");
         config.addAllowedMethod("GET");
         config.addAllowedMethod("PUT");
         config.addAllowedMethod("POST");
         config.addAllowedMethod("DELETE");
         config.addAllowedMethod("PATCH");
         source.registerCorsConfiguration("/**", config);
         return new CorsFilter(source);
     }

Answer 2

我很确定您需要添加Content-Type允许的标头

response.setHeader("Access-Control-Allow-Headers", "x-requested-with x-uw-act-as");