如何为CORS指定响应头?

我在春天建立了一个后端REST API,我的朋友正在建立一个Angular

JS前端应用程序来调用我的API,我有一个带有密钥的令牌头Authorization和一个可以访问该服务的值,否则它将被拒绝。来自Postman和REST客户端我可以接收API,但经过测试后,他说他在飞行前得到401

Unauthorized Error。下面是我的doFilterInternal方法。

protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {

response.setHeader("Access-Control-Allow-Origin", "*");

response.setHeader("Access-Control-Allow-Credentials", "true");

response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");

response.setHeader("Access-Control-Max-Age", "3600");

response.setHeader("Access-Control-Allow-Headers","Content-Type, Accept, X-Requested-With, Authorization");

}

但是当他用Angular JS中的令牌调用API时,他得到了

spring.mvc.dispatch-options-request=true

在application.properties.But仍然他错误似乎是

任何帮助表示赞赏。

回答:

这是避免预检错误的过滤器

        @Override

protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws ServletException, IOException {

LOG.info("Adding CORS Headers ........................");

res.setHeader("Access-Control-Allow-Origin", "*");

res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");

res.setHeader("Access-Control-Max-Age", "3600");

res.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization");

res.addHeader("Access-Control-Expose-Headers", "xsrf-token");

if ("OPTIONS".equals(req.getMethod())) {

res.setStatus(HttpServletResponse.SC_OK);

} else {

chain.doFilter(req, res);

}

}

从发布跨源请求阻止Spring MVC Restful Angularjs中找到它

以上是 如何为CORS指定响应头? 的全部内容, 来源链接: utcz.com/qa/424488.html

回到顶部