Java GWT编号';访问控制允许原点';请求的资源上存在标头
我们正在尝试在tomcat上实现CORS过滤器,以允许跨域请求。我们有两个GWT项目,都在两个不同的tomcat(不同的机器)上。在阅读了CORS过滤器文档之后,我刚刚在tomcat的web.xml文件中添加了CORS过滤器Java GWT编号';访问控制允许原点';请求的资源上存在标头,java,tomcat,gwt,cors,Java,Tomcat,Gwt,Cors,我们正在尝试在tomcat上实现CORS过滤器,以允许跨域请求。我们有两个GWT项目,都在两个不同的tomcat(不同的机器)上。在阅读了CORS过滤器文档之后,我刚刚在tomcat的web.xml文件中添加了CORS过滤器 `<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</fil
`<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>`
`
克斯菲尔特
org.apache.catalina.filters.CorsFilter
科尔斯
*
cors.methods
获取、发布、头部、选项、放置
cors.allowed.headers
内容类型、X-Requested-With、accept、Origin、访问控制请求方法、访问控制请求标头
cors.exposed.headers
访问控制允许来源,访问控制允许凭据
cors.support.credentials
真的
cors.preflight.maxage
10
克斯菲尔特
/*
`
使用GWT实现CORS筛选器的实际过程是什么?扩展
筛选器注意:这只是一个简单的例子,让你去。如果配置方式不正确,请告知自己安全风险…
检查最后一部分 别忘了在web.xml文件(在WAR文件中,而不是在tomcatweb.xml文件中)中添加
过滤器
克斯菲尔特
科斯菲尔特先生
克斯菲尔特
/*
我已将servlet和映射放在webapp项目中。但请求的资源上仍然存在“Access Control Allow Origin”头的错误。是否将其放置在具有服务实现的项目中?试着调试一下,看看为什么它不允许这个请求
public class CORSFilter implements Filter {
// For security reasons set this regex to an appropriate value
// example: ".*example\\.com"
private static final String ALLOWED_DOMAINS_REGEXP = ".*";
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) servletRequest;
HttpServletResponse resp = (HttpServletResponse) servletResponse;
String origin = req.getHeader("Origin");
if (origin != null && origin.matches(ALLOWED_DOMAINS_REGEXP)) {
resp.addHeader("Access-Control-Allow-Origin", origin);
if ("options".equalsIgnoreCase(req.getMethod())) {
resp.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS");
if (origin != null) {
String headers = req.getHeader("Access-Control-Request-Headers");
String method = req.getHeader("Access-Control-Request-Method");
resp.addHeader("Access-Control-Allow-Methods", method);
resp.addHeader("Access-Control-Allow-Headers", headers);
// optional, only needed if you want to allow cookies.
resp.addHeader("Access-Control-Allow-Credentials", "true");
resp.setContentType("text/x-gwt-rpc");
}
resp.getWriter().flush();
return;
}
}
// Fix ios6 caching post requests
if ("post".equalsIgnoreCase(req.getMethod())) {
resp.addHeader("Cache-Control", "no-cache");
}
if (filterChain != null) {
filterChain.doFilter(req, resp);
}
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}
<filter>
<filter-name>corsFilter</filter-name>
<filter-class><YourProjectPath>.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>corsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>