Fatal编程技术网
  • java/
  • Java CORS政策赢得';无法工作,因为所有响应头都已设置,但仍会收到此错误

Java CORS政策赢得';无法工作,因为所有响应头都已设置,但仍会收到此错误

java servlets

Java CORS政策赢得';无法工作,因为所有响应头都已设置,但仍会收到此错误,java,servlets,Java,Servlets,我尝试从Servlet java类中的POST方法获取响应。 我尝试设置所有标题,但总是出现错误: 从源“”访问位于“XXX”的XMLHttpRequest 已被CORS策略阻止:对飞行前请求的响应不可用 通过访问控制检查:未显示“访问控制允许原点”标题 在请求的资源上显示 以下是我的标题: @WebServlet(asyncSupported = true,urlPatterns = {"/Mitarbeiter_Einzel_Update"}) public class Mitarbeite

我尝试从Servlet java类中的POST方法获取响应。 我尝试设置所有标题,但总是出现错误:

从源“”访问位于“XXX”的XMLHttpRequest 已被CORS策略阻止:对飞行前请求的响应不可用 通过访问控制检查:未显示“访问控制允许原点”标题 在请求的资源上显示

以下是我的标题:

@WebServlet(asyncSupported = true,urlPatterns = {"/Mitarbeiter_Einzel_Update"})
public class Mitarbeiter_Einzel_Update extends HttpServlet {
private static final long serialVersionUID = 1L;

public Mitarbeiter_Einzel_Update() {
    super();
}

@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    doPost(req, resp);
}

@Override
 public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {



    response.setContentType("application/json");
    response.setCharacterEncoding("UTF-8");
    response.addHeader("Access-Control-Allow-Origin", "http://localhost:8080");
    response.addHeader("Access-Control-Allow-Headers", "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");
    response.addHeader("Access-Control-Max-Age", "1728000");
    response.addHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE");

  [...]

  }

}
您应该创建servlet过滤器来检查请求方法是否为“OPTIONS”

您应该创建servlet过滤器来检查请求方法是否为“OPTIONS”

    import javax.servlet.Filter;

    public class CorsFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest req  = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        resp.setHeader("Access-Control-Allow-Origin", "http://localhost:8080");
        //resp.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
        resp.setHeader("Access-Control-Allow-Credentials", "true");

        if("OPTIONS".equals(req.getMethod())) {
            resp.setHeader("Access-Control-Allow-Methods", req.getHeader("Access-Control-Request-Method"));
            resp.setHeader("Access-Control-Allow-Headers", req.getHeader("Access-Control-Request-Headers"));
            resp.setHeader("Access-Control-Max-Age", "3600");

            resp.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void destroy() {
    }
}