响应中未返回Spring访问控制允许源
我有一个带有spring security应用程序的spring boot starter webflux,但当我发送请求时,响应中不会返回Access Control Allow Originates头 这是CORS配置:响应中未返回Spring访问控制允许源,spring,http-headers,cors,Spring,Http Headers,Cors,我有一个带有spring security应用程序的spring boot starter webflux,但当我发送请求时,响应中不会返回Access Control Allow Originates头 这是CORS配置: @配置 @顺序(有序。最高优先级) 类别CorsConfig:webfluxconfig{ 覆盖有趣的添加公司名称(公司注册:公司注册){ corsRegistry.addMapping(“/**”) .允许的来源(“*”) .允许的标题(“*”) .允许的方法(“*”)
@配置
@顺序(有序。最高优先级)
类别CorsConfig:webfluxconfig{
覆盖有趣的添加公司名称(公司注册:公司注册){
corsRegistry.addMapping(“/**”)
.允许的来源(“*”)
.允许的标题(“*”)
.允许的方法(“*”)
.maxAge(3600)
}
@豆子
@顺序(有序。最高优先级)
有趣的corsFilter():CorsWebFilter{
val config=corscoConfiguration()
config.allowCredentials=true
config.addAllowedOrigin(“*”)
config.addAllowedHeader(“*”)
config.addAllowedMethod(“*”)
val source=UrlBasedCorsConfigurationSource()
source.registerCorsConfiguration(“/**”,配置)
返回CorsWebFilter(源)
}
}
@组成部分
类AddControlHeaderWebFilter:WebFilter{
覆盖有趣的过滤器(exchange:ServerWebExchange,链:WebFilterChain):Mono{
val headers=exchange.response.headers
headers.add(“访问控制允许头”、“*”)
headers.add(“访问控制允许原点”、“*”)
headers.add(“访问控制允许方法”、“*”)
返回链。过滤器(交换)
}
}
@启用WebFluxSecurity
@EnableReactiveMethodSecurity
类SecurityConfig{
@豆子
有趣的springSecurityFilterChain(http:ServerHttpSecurity):SecurityWebFilterChain{
http
.授权交易所()
.pathMatchers(“/**”).permitAll()
.anyExchange().authenticated()
.及()
.例外处理()
.accessDeniedHandler(HttpStatusServerAccessDeniedHandler(HttpStatus.FORBIDDEN))
.及()
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(授权权限提取器())
http.cors()
http.csrf().disable()
返回http.build()
}
}
Access-Control-Request-Method: GET
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJvQTRLYVJjWVJuMDFLWlhCSll4djBvT1JYNnZxbm5OOUszRnFEdEQtM0tnIn0.eyJleHAiOjE1OTcwODQ1ODEsImlhdCI6MTU5NzA0ODU4MSwiYXV0aF90aW1lIjoxNTk3MDQ4NTgxLCJqdGkiOiIxMjgxMGU5My1kMTg0LTQzZDQtYWQ3Yi01NTU1NThmYjkxN2QiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYmFza2VpdG9yIiwiYXVkIjpbInRyYWluaW5nLXNlcnZpY2UiLCJhY2NvdW50Il0sInN1YiI6IjY2Yzk2ZmRjLTE1MGEtNDU1OS04NjdmLWNkMGVmY2I5YzU2OSIsInR5cCI6IkJlYXJlciIsImF6cCI6InRlYW1zLWZyb250ZW5kIiwic2Vzc2lvbl9zdGF0ZSI6IjVkYmY5ODhmLTliYWMtNDliZi1iMDM1LTVjZGJlZjBhNDg2MiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiKiJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRyYWluaW5nLXNlcnZpY2UiOnsicm9sZXMiOlsiY29hY2giXX0sInRlYW1zLWZyb250ZW5kIjp7InJvbGVzIjpbImNvYWNoIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm5hbWUiOiJ0ZXN0IHRlc3QiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ0ZXN0IiwiZ2l2ZW5fbmFtZSI6InRlc3QiLCJmYW1pbHlfbmFtZSI6InRlc3QiLCJlbWFpbCI6InRlc3RAaW52ZW50LmNvbSJ9.LyaZvyAxaa201D4vE9JLGCCJS4s_JXc-iRpegNngcZ9H9uIFQKeFkyl5jm12u-gN9lR7sQ8Qqp7W-g1m-2zc5Te3XQIbv2Al5-FW8w_zctWWthfTwwdxMFGcjbG_DCJvXaJlkwcaxK0ah0207yJo9fKZoL5jbBQdbopf0V2Pl7tsJDawwk1D92Mf1aaxTmjqUetltsrY_OU3zH4Ln9i6DxTuYlDB0K2vyr5jX9sjTZowXypVHeIwhbR4s0B368nmpxkaoSfxa-iMTTJ-nqEAJL0H2FPUHBbeaNR5Oaei62zeysbb-cU_f45OKOuGWFvZBWvtcI1N8MMOo9w-8-dwYQ
User-Agent: PostmanRuntime/7.26.2
Accept: */*
Postman-Token: 485c16ca-aaf2-482e-a4f7-47b603684719
Host: localhost:8200
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: SESSION=1a0b99b2-44d5-4224-86ea-510d5c6d5603
transfer-encoding: chunked
Content-Type: application/json
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer
Set-Cookie: SESSION=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax
transfer-encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Content-Type: application/json
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer
Access-Control-Request-Method: GET
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJvQTRLYVJjWVJuMDFLWlhCSll4djBvT1JYNnZxbm5OOUszRnFEdEQtM0tnIn0.eyJleHAiOjE1OTcwODQ1ODEsImlhdCI6MTU5NzA0ODU4MSwiYXV0aF90aW1lIjoxNTk3MDQ4NTgxLCJqdGkiOiIxMjgxMGU5My1kMTg0LTQzZDQtYWQ3Yi01NTU1NThmYjkxN2QiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYmFza2VpdG9yIiwiYXVkIjpbInRyYWluaW5nLXNlcnZpY2UiLCJhY2NvdW50Il0sInN1YiI6IjY2Yzk2ZmRjLTE1MGEtNDU1OS04NjdmLWNkMGVmY2I5YzU2OSIsInR5cCI6IkJlYXJlciIsImF6cCI6InRlYW1zLWZyb250ZW5kIiwic2Vzc2lvbl9zdGF0ZSI6IjVkYmY5ODhmLTliYWMtNDliZi1iMDM1LTVjZGJlZjBhNDg2MiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiKiJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRyYWluaW5nLXNlcnZpY2UiOnsicm9sZXMiOlsiY29hY2giXX0sInRlYW1zLWZyb250ZW5kIjp7InJvbGVzIjpbImNvYWNoIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm5hbWUiOiJ0ZXN0IHRlc3QiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ0ZXN0IiwiZ2l2ZW5fbmFtZSI6InRlc3QiLCJmYW1pbHlfbmFtZSI6InRlc3QiLCJlbWFpbCI6InRlc3RAaW52ZW50LmNvbSJ9.LyaZvyAxaa201D4vE9JLGCCJS4s_JXc-iRpegNngcZ9H9uIFQKeFkyl5jm12u-gN9lR7sQ8Qqp7W-g1m-2zc5Te3XQIbv2Al5-FW8w_zctWWthfTwwdxMFGcjbG_DCJvXaJlkwcaxK0ah0207yJo9fKZoL5jbBQdbopf0V2Pl7tsJDawwk1D92Mf1aaxTmjqUetltsrY_OU3zH4Ln9i6DxTuYlDB0K2vyr5jX9sjTZowXypVHeIwhbR4s0B368nmpxkaoSfxa-iMTTJ-nqEAJL0H2FPUHBbeaNR5Oaei62zeysbb-cU_f45OKOuGWFvZBWvtcI1N8MMOo9w-8-dwYQ
User-Agent: PostmanRuntime/7.26.2
Accept: */*
Postman-Token: 485c16ca-aaf2-482e-a4f7-47b603684719
Host: localhost:8200
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: SESSION=1a0b99b2-44d5-4224-86ea-510d5c6d5603
transfer-encoding: chunked
Content-Type: application/json
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer
Set-Cookie: SESSION=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax
transfer-encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Content-Type: application/json
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer
为什么响应中不返回“访问控制允许来源”、“访问控制允许方法”、“访问控制允许标头”?我的浏览器正在阻止飞行前的请求,我想这是因为响应中没有此标题。我不确定CorsWebFilter是否默认注册为http。您可能需要添加为筛选器。在文档中,您应该使用CorsConfiguration源代码(java版本):
我将@Bean声明从CorsConfig移到了应用程序类中,它工作起来很有魅力
@EnableWebFlux
课堂培训服务应用{
@豆子
乐趣CorsConfiguration源():CorsConfiguration源{
val配置=公司配置()
configuration.allowedOrigins=listOf(“*”)
configuration.allowedMethods=listOf(“*”)
configuration.allowedHeaders=listOf(“*”)
val source=UrlBasedCorsConfigurationSource()
source.registerCorsConfiguration(“/**”,配置)
返回源
}
}
Access-Control-Request-Method: GET
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJvQTRLYVJjWVJuMDFLWlhCSll4djBvT1JYNnZxbm5OOUszRnFEdEQtM0tnIn0.eyJleHAiOjE1OTcwODQ1ODEsImlhdCI6MTU5NzA0ODU4MSwiYXV0aF90aW1lIjoxNTk3MDQ4NTgxLCJqdGkiOiIxMjgxMGU5My1kMTg0LTQzZDQtYWQ3Yi01NTU1NThmYjkxN2QiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvYmFza2VpdG9yIiwiYXVkIjpbInRyYWluaW5nLXNlcnZpY2UiLCJhY2NvdW50Il0sInN1YiI6IjY2Yzk2ZmRjLTE1MGEtNDU1OS04NjdmLWNkMGVmY2I5YzU2OSIsInR5cCI6IkJlYXJlciIsImF6cCI6InRlYW1zLWZyb250ZW5kIiwic2Vzc2lvbl9zdGF0ZSI6IjVkYmY5ODhmLTliYWMtNDliZi1iMDM1LTVjZGJlZjBhNDg2MiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiKiJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRyYWluaW5nLXNlcnZpY2UiOnsicm9sZXMiOlsiY29hY2giXX0sInRlYW1zLWZyb250ZW5kIjp7InJvbGVzIjpbImNvYWNoIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm5hbWUiOiJ0ZXN0IHRlc3QiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ0ZXN0IiwiZ2l2ZW5fbmFtZSI6InRlc3QiLCJmYW1pbHlfbmFtZSI6InRlc3QiLCJlbWFpbCI6InRlc3RAaW52ZW50LmNvbSJ9.LyaZvyAxaa201D4vE9JLGCCJS4s_JXc-iRpegNngcZ9H9uIFQKeFkyl5jm12u-gN9lR7sQ8Qqp7W-g1m-2zc5Te3XQIbv2Al5-FW8w_zctWWthfTwwdxMFGcjbG_DCJvXaJlkwcaxK0ah0207yJo9fKZoL5jbBQdbopf0V2Pl7tsJDawwk1D92Mf1aaxTmjqUetltsrY_OU3zH4Ln9i6DxTuYlDB0K2vyr5jX9sjTZowXypVHeIwhbR4s0B368nmpxkaoSfxa-iMTTJ-nqEAJL0H2FPUHBbeaNR5Oaei62zeysbb-cU_f45OKOuGWFvZBWvtcI1N8MMOo9w-8-dwYQ
User-Agent: PostmanRuntime/7.26.2
Accept: */*
Postman-Token: 485c16ca-aaf2-482e-a4f7-47b603684719
Host: localhost:8200
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: SESSION=1a0b99b2-44d5-4224-86ea-510d5c6d5603
transfer-encoding: chunked
Content-Type: application/json
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer
Set-Cookie: SESSION=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax
transfer-encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Content-Type: application/json
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer