Fatal编程技术网
  • java/
  • Java 飞行前响应中的访问控制允许标头不允许在请求标头字段中启用cors访问控制允许原点

Java 飞行前响应中的访问控制允许标头不允许在请求标头字段中启用cors访问控制允许原点

java spring angular spring-boot cors

Java 飞行前响应中的访问控制允许标头不允许在请求标头字段中启用cors访问控制允许原点,java,spring,angular,spring-boot,cors,Java,Spring,Angular,Spring Boot,Cors,我在后端使用spring引导服务,在前端使用angular 6 在spring boot中,我使用启用了cors @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/interview/**").allowedOrigins("*"); } 我对每个服务都使用拦截器 前端呼叫服务: headers = new Headers(); constructor(priv

我在后端使用spring引导服务,在前端使用angular 6

在spring boot中,我使用启用了cors

 @Override
 public void addCorsMappings(CorsRegistry registry) {
    registry.addMapping("/interview/**").allowedOrigins("*");
 }
我对每个服务都使用拦截器

前端呼叫服务:

headers = new Headers();
constructor(private http: Http, private logger: MLogger) {
    this.headers.set("Access-Control-Allow-Origin", "*");
    this.headers.set( 'Content-Type', 'application/json',);
    this.headers.set( 'Accept', '*');
    this.headers.set( 'sessionId', DataService.sessionId);
 }
 private options = new RequestOptions({ headers: this.headers});
  interviewCommand: InterviewCommand;
  getInterviewDetails(data: any): Promise<any> {
    const serviceURL = environment.startInterviewURL;
    return this.http
      .post(serviceURL,data, this.options)
      .toPromise()
      .then(
        interviewCommand => {
          //doing some stuff
          }
        })
      .catch(this.handleInterviewCommandError);
  }
得到答案

已将此.headers.set(“Access Control Allow Origin”、“*”)从中删除 前端

在侦听器响应的后端中添加

response.setHeader(“访问控制允许标头”, “授权、内容类型、内容范围、内容处置, 内容描述、来源、X-Requested-With、sessionId”); response.setHeader(“访问控制允许原点“,“*”)

得到了答案

已将此.headers.set(“Access Control Allow Origin”、“*”)从中删除 前端

在侦听器响应的后端中添加

response.setHeader(“访问控制允许标头”, “授权、内容类型、内容范围、内容处置, 内容描述、来源、X-Requested-With、sessionId”); response.setHeader(“访问控制允许原点“,“*”)

如果启用了全局cors配置,则不需要拦截器。从前端JavaScript代码中删除this.headers.set(“访问控制允许源代码”,“*”)。访问控制允许源不是请求标头。这是一个响应标题我正在将拦截器用于我的rest服务的其他用途。获得解决方案…….如果启用全局cors配置,则不需要拦截器从前端JavaScript代码中删除此.headers.set(“访问控制允许源”,“*”)。访问控制允许源不是请求标头。这是一个响应headeri我将拦截器用于我的rest服务的其他用途。得到解决方案。。。。。。。 
if (request.getMethod().equals("OPTIONS")) {
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Origin-Methods", "GET, POST, OPTIONS");
        response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Range, Content-Disposition, Content-Description,Origin, X-Requested-With");
        response.setHeader("Access-Control-Expose-Headers", "*");
          response.setHeader("Access-Control-Allow-Credentials", "true");
          response.setHeader("Access-Control-Max-Age", "4800");
        }

When you start playing around with custom request headers you will get a CORS preflight. This is a request that uses the HTTP OPTIONS verb and includes several headers, one of which being Access-Control-Request-Headers listing the headers the client wants to include in the request.

You need to reply to that CORS preflight with the appropriate CORS headers to make this work. One of which is indeed Access-Control-Allow-Headers. That header needs to contain the same values the Access-Control-Request-Headers header contained (or more).

https://fetch.spec.whatwg.org/#http-cors-protocol explains this setup in more detail.