Spring boot 弹簧靴Cors“;“访问控制最大年龄”;浏览器忽略标题
我从这个标题中期待的是;浏览器仅发送一个Spring boot 弹簧靴Cors“;“访问控制最大年龄”;浏览器忽略标题,spring-boot,cors,http-headers,Spring Boot,Cors,Http Headers,我从这个标题中期待的是;浏览器仅发送一个选项飞行前请求,每个资源的最大使用期限 但是,我尝试的每个浏览器都会不断发送options飞行前请求,用于每个请求,甚至是之前发送的请求 我尝试禁用无缓存头,但没有任何更改。我在下面分享了我的cors配置代码。顺便说一下,我的spring boot没有配置为https/ssl,但域和前端react应用程序是,这可能是问题所在吗 @Bean public WebMvcConfigurer corsConfigurer(){ re
选项飞行前请求
,每个资源的最大使用期限
但是,我尝试的每个浏览器都会不断发送options飞行前请求
,用于每个请求,甚至是之前发送的请求
我尝试禁用无缓存头
,但没有任何更改。我在下面分享了我的cors配置
代码。顺便说一下,我的spring boot没有配置为https/ssl,但域和前端react应用程序是,这可能是问题所在吗
@Bean
public WebMvcConfigurer corsConfigurer(){
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedHeaders("*")
.allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
.allowCredentials(true)
.allowedOrigins(ALLOWED_ORIGINS)
.exposedHeaders(AuthorizationController.AUTHENTICATION_KEY_NAME,
RequestInterceptor.FAILURE_REASON_HEADER_KEY_NAME,
RequestInterceptor.CONTENT_DISPOSITION_HEADER_KEY_NAME)
.maxAge(36000);
}
};
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList(ALLOWED_ORIGINS));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Collections.singletonList("*"));
configuration.setExposedHeaders(Arrays.asList(AuthorizationController.AUTHENTICATION_HEADER_NAME,
RequestInterceptor.ERROR_DESCRIPTION_HEADER_KEY_NAME,
RequestInterceptor.CONTENT_DISPOSITION_HEADER_KEY_NAME));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
我还在OncePerRequestFilter
中为每个请求添加以下标题
httpServletResponse.setHeader("Access-Control-Max-Age","36000");
httpServletResponse.setHeader("Access-Control-Allow-Origin",ALLOWED_ORIGINS);
httpServletResponse.setHeader("Access-Control-Allow-Headers","*");
httpServletResponse.setHeader("Access-Control-Allow-Methods","GET, PUT, POST, DELETE, HEAD, OPTIONS");
httpServletResponse.setHeader("Cache-Control","no-cache, no-store, max-age=36000")
您需要将访问后端的域/主机列为白名单/