Spring boot 无法向Spring资源服务器发送POST请求_Spring Boot_React Redux_Axios_Spring Oauth2

Spring boot 无法向Spring资源服务器发送POST请求

spring-boot

Spring boot 无法向Spring资源服务器发送POST请求,spring-boot,react-redux,axios,spring-oauth2,Spring Boot,React Redux,Axios,Spring Oauth2,我有一个Spring BootResourceServer，和一个React客户端应用程序。我正试图向其中一个服务器端点（具有@CrossOrigin注释，顺便说一句）发送POST请求，但是，我在控制台中收到此错误：从访问“”处的XMLHttpRequest 源“”已被CORS策略阻止：对飞行前请求的响应未通过访问控制检查：它没有HTTP ok状态飞行前请求返回401HTTP状态，我不知道为什么飞行前请求的响应标头如下所示： Access-Control-Allow-Credentia

我有一个Spring Boot

ResourceServer

，和一个React客户端应用程序。我正试图向其中一个服务器端点（具有

@CrossOrigin

注释，顺便说一句）发送

POST

请求，但是，我在控制台中收到此错误：

从访问“”处的XMLHttpRequest 源“”已被CORS策略阻止：对飞行前请求的响应未通过访问控制检查：它没有HTTP ok状态

飞行前请求返回401HTTP状态，我不知道为什么

飞行前请求的响应标头如下所示：

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: http://localhost:3000
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sun, 20 Oct 2019 17:23:54 GMT
Expires: 0
Pragma: no-cache
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
WWW-Authenticate: Basic realm="Realm"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://localhost:3000
Referer: http://localhost:3000/movie-search
Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36

http
    .authorizeRequests()
    .antMatchers(HTTPMethod.POST, "/api/search").permitAll()
    .anyRequest().authenticated()
    .and().httpBasic()

我的飞行前请求头如下所示：

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: http://localhost:3000
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sun, 20 Oct 2019 17:23:54 GMT
Expires: 0
Pragma: no-cache
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
WWW-Authenticate: Basic realm="Realm"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://localhost:3000
Referer: http://localhost:3000/movie-search
Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36

http
    .authorizeRequests()
    .antMatchers(HTTPMethod.POST, "/api/search").permitAll()
    .anyRequest().authenticated()
    .and().httpBasic()

我正在使用Axios发送请求（如果有必要的话）。有人知道这里发生了什么吗？

哎呀……我的HTTPSecurity配置如下所示：

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: http://localhost:3000
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sun, 20 Oct 2019 17:23:54 GMT
Expires: 0
Pragma: no-cache
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
WWW-Authenticate: Basic realm="Realm"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://localhost:3000
Referer: http://localhost:3000/movie-search
Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36

http
    .authorizeRequests()
    .antMatchers(HTTPMethod.POST, "/api/search").permitAll()
    .anyRequest().authenticated()
    .and().httpBasic()

与此相反：

http
    .authorizeRequests()
    .antMatchers("/api/search").permitAll()
    .anyRequest().authenticated()
    .and().httpBasic()

401错误响应似乎未正确应用身份验证机制。您的请求应该包含如下授权头：

Authorization:Bearer