Spring boot 导致cors在web浏览器上失败的spring boot zuul
我已经为zuul配置了cors以检查原点等 下面是我在zuul服务中添加的代码,我的zull代理将此请求转发到后台服务,我希望在发送到后端微服务之前在zuul上测试此corsSpring boot 导致cors在web浏览器上失败的spring boot zuul,spring-boot,netflix-zuul,Spring Boot,Netflix Zuul,我已经为zuul配置了cors以检查原点等 下面是我在zuul服务中添加的代码,我的zull代理将此请求转发到后台服务,我希望在发送到后端微服务之前在zuul上测试此cors @Component @Order(Ordered.HIGHEST_PRECEDENCE) public class SimpleCORSFilter implements Filter { Logger logger = LoggerFactory.getLogger(SimpleCORSFilter.clas
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCORSFilter implements Filter {
Logger logger = LoggerFactory.getLogger(SimpleCORSFilter.class);
@Value("${myserver.origin}")
private String origin;
public SimpleCORSFilter() {
logger.info("SimpleCORSFilter init");
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
response.setHeader("Access-Control-Allow-Origin", origin);
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, x-requested-with, Accept,username,idType");
response.setHeader("Access-Control-Max-Age", "3600");
/*
if ("OPTIONS".equalsIgnoreCase(((HttpServletRequest) req).getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
*/
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {
}
public void destroy() {}
}
我已配置myserver.origin=
在Chrome浏览器中,我收到失败(403)错误
我从Chrome上抓到了日志
概述:
Request URL: http://172.160.128.10:9898/api/test
Request Method: OPTIONS
Status Code: 403
Remote Address: 172.160.128.10:9898
Referrer Policy: no-referrer-when-downgrade
响应头
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,username
Access-Control-Allow-Methods: POST, PUT, GET, OPTIONS, DELETE
Access-Control-Allow-Origin: http://172.160.128.60:8080
Access-Control-Max-Age: 3600
Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
Date: Fri, 04 Oct 2019 12:12:32 GMT
Transfer-Encoding: chunked
请求头
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://172.160.128.10:8080
Referer: http://172.160.128.10:8080/api/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
所以从浏览器发送正确的字段时失败了您所做的任何CORS配置都不会导致服务器阻止来自curl的请求。您所做的任何CORS配置都不会更改任何响应的HTTP状态代码。CORS配置的唯一作用是使服务器发回额外的响应头。就这样,好的。。我有一个前端UI,它调用我的API。。如果删除if选项检查,他总是得到403,尽管一切正常——只添加chain.doFilter(req,res);您所做的任何CORS配置都不会导致服务器阻止来自curl的请求。您所做的任何CORS配置都不会更改任何响应的HTTP状态代码。CORS配置的唯一作用是使服务器发回额外的响应头。就这样,好的。。我有一个前端UI,它调用我的API。。如果删除if选项检查,他总是得到403,尽管一切正常——只添加chain.doFilter(req,res);