Fatal编程技术网
  • spring/
  • Spring Angular4 CORS标头包含多个值

Spring Angular4 CORS标头包含多个值

spring angular cors

Spring Angular4 CORS标头包含多个值,spring,angular,cors,Spring,Angular,Cors,请有人帮忙解决这个问题: 后端spring应用程序 web.xml 角度前端: let headers = new Headers({ 'Content-Type': 'application/json' }); let options = new RequestOptions({ headers: headers }); return this.http.post(AppSettings.API_ENDPOINT + '/url', JSON.stringify(user),

请有人帮忙解决这个问题: 后端spring应用程序 web.xml

角度前端:

let headers = new Headers({ 'Content-Type': 'application/json' });
    let options = new RequestOptions({ headers: headers });
    return this.http.post(AppSettings.API_ENDPOINT + '/url', JSON.stringify(user), options)
      .map(response => response.json())      
  }
浏览器返回问题:

对飞行前请求的响应未通过访问控制检查: “访问控制允许来源”标题包含多个值

我也面临同样的问题。根本原因是cors头多次移动。我评论说

httpResponse.setHeader("Access-Control-Allow-Origin", "*");"
线路

我只有一个安全配置类,如下所示。这门课解决了我的cors问题

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            // your security config here
            .authorizeRequests()
            .antMatchers(HttpMethod.TRACE, "/**").denyAll()
            .antMatchers("/admin/**").authenticated()
            .anyRequest().permitAll()
            .and().httpBasic()
            .and().headers().frameOptions().disable()
            .and().csrf().disable()
            .headers()
            // the headers you want here. This solved all my CORS problems! 
           /* .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Origin", "*"))*/
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Methods", "POST, GET"))
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Max-Age", "3600"))
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"))
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Headers", "Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization"));
    }
}
在我的例子中,我只是在做POC,并从angular应用程序调用Rest资源。我在CORS面临唯一的问题。 为了只解决cors问题,下面的代码也足够了

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

    }
}
将此:httpResponse.setHeaderAccess-Control-Allow-Origin,*,*…更改为:httpResponse.setHeaderAccess-Control-Allow-Origin,*浏览器要求Access Control Allow-Origin值为单个*通配符,以指示允许任何原点或单个原点;e、 例如,访问控制允许原点:https://foo.com. 
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            // your security config here
            .authorizeRequests()
            .antMatchers(HttpMethod.TRACE, "/**").denyAll()
            .antMatchers("/admin/**").authenticated()
            .anyRequest().permitAll()
            .and().httpBasic()
            .and().headers().frameOptions().disable()
            .and().csrf().disable()
            .headers()
            // the headers you want here. This solved all my CORS problems! 
           /* .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Origin", "*"))*/
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Methods", "POST, GET"))
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Max-Age", "3600"))
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"))
            .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Headers", "Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization"));
    }
}

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

    }
}