Java 在spring boot版本2.4.0中更改CORS策略
使用Spring 2.3.0.RELEASE,我得到了以下CORS确认:Java 在spring boot版本2.4.0中更改CORS策略,java,spring,spring-boot,cors,Java,Spring,Spring Boot,Cors,使用Spring 2.3.0.RELEASE,我得到了以下CORS确认: @Configuration @EnableWebSecurity @ComponentScan("com.softeq.ems.config") @EnableGlobalMethodSecurity(prePostEnabled = true) public class EmsJwtSecurityConfig extends BaseSecurityConfig { @Value(&qu
@Configuration
@EnableWebSecurity
@ComponentScan("com.softeq.ems.config")
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class EmsJwtSecurityConfig extends BaseSecurityConfig {
@Value("${management.endpoints.web.cors.allowed-origins}")
private String[] allowedOrigins;
@Override
protected void configureHttp(HttpSecurity http) throws Exception {
if (allowedOrigins.length > 0) {
http.cors().configurationSource(corsConfigSource());
}
http.csrf().disable();
}
private CorsConfigurationSource corsConfigSource() {
final CorsConfiguration corsConfig = new CorsConfiguration();
corsConfig.addAllowedHeader(CorsConfiguration.ALL);
corsConfig.addAllowedMethod(CorsConfiguration.ALL);
Stream.of(allowedOrigins).forEach(
origin -> corsConfig.addAllowedOrigin(origin)
);
return request -> corsConfig;
}
变量management.endpoints.web.cors.allowed-origins=http://localhost:4200, http://127.0.0.1:4200
这个配置运行良好,我需要的所有跨平台请求都得到了授权
但在发布后迁移到spring boot 2.4.0之后,当我像往常一样尝试向主机发送请求时,我在chrome浏览器控制台中遇到了经典的cors策略错误:
Access to XMLHttpRequest at 'http://localhost:8080/api/v1/me/balance' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status
Spring发行说明说cors配置提供了一个新属性allowedOriginPatterns
,但我不知道如何使用它:
请帮我找出我的问题所在 我是这样做的:
@配置
@简介(“!生产”)
类别CorsConfig:webmvcconfiguer{
覆盖公司名称(注册号:CorsRegistry){
登记处
.addMapping(“/**”)
.allowedOriginPatterns(“http://localhost:3000")
}
}
以下是我对您的代码所做的操作:
private CorsConfigurationSource corsConfigSource() {
final CorsConfiguration corsConfig = new CorsConfiguration();
corsConfig.addAllowedHeader(CorsConfiguration.ALL);
corsConfig.addAllowedMethod(CorsConfiguration.ALL);
Stream.of(allowedOrigins).forEach(
//origin -> corsConfig.addAllowedOrigin(origin)
origin -> corsConfig.addAllowedOriginPattern(origin)
);
return request -> corsConfig;
}