如何为CORS指定响应头?
我在春天建立了一个后端REST API,我的朋友正在建立一个Angular
JS前端应用程序来调用我的API,我有一个带有密钥的令牌头Authorization和一个可以访问该服务的值,否则它将被拒绝。来自Postman和REST客户端我可以接收API,但经过测试后,他说他在飞行前得到401
Unauthorized Error。下面是我的doFilterInternal方法。
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException { response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers","Content-Type, Accept, X-Requested-With, Authorization");
}
但是当他用Angular JS中的令牌调用API时,他得到了
spring.mvc.dispatch-options-request=true
在application.properties.But仍然他错误似乎是
任何帮助表示赞赏。
回答:
这是避免预检错误的过滤器
@Override protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws ServletException, IOException {
LOG.info("Adding CORS Headers ........................");
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
res.setHeader("Access-Control-Max-Age", "3600");
res.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization");
res.addHeader("Access-Control-Expose-Headers", "xsrf-token");
if ("OPTIONS".equals(req.getMethod())) {
res.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
从发布跨源请求阻止Spring MVC Restful Angularjs中找到它
以上是 如何为CORS指定响应头? 的全部内容, 来源链接: utcz.com/qa/424488.html
