jok*_*r21 1 java jwt angularjs spring-boot
我正在构建一个后端REST API,我的朋友正在构建一个Angular JS前端应用程序来调用我的API.我有一个带有键的标记头Authorization和一个可以访问服务的值,否则它会拒绝.从Postman和REST客户端我能够收到API但是在测试时他说他在preflight上获得了401 Unauthorized Error.Below是我的doFilterInternal方法.
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers","Content-Type, Accept, X-Requested-With, Authorization");
}
但当他用Angular JS中的令牌调用API时,他得到了
所以我在这里回答了这个问题并添加了属性
spring.mvc.dispatch-options-request=true
在application.properties.But仍然他错误似乎是
预检的响应具有无效的https状态代码401
任何帮助表示赞赏.
这是避免预检错误的过滤器
@Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws ServletException, IOException {
LOG.info("Adding CORS Headers ........................");
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
res.setHeader("Access-Control-Max-Age", "3600");
res.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization");
res.addHeader("Access-Control-Expose-Headers", "xsrf-token");
if ("OPTIONS".equals(req.getMethod())) {
res.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
从Cross Origin请求Blocked Spring MVC Restful Angularjs发现它
| 归档时间: |
|
| 查看次数: |
4280 次 |
| 最近记录: |