在 Spring Data Rest 中启用跨源请求
Enabling cross origin requests in Spring Data Rest
我有一个正在使用 Angular 2 和 Spring Boot 开发的 Web 应用程序。我使用 spring-boot-data-rest 依赖项将我的存储库公开为 HTTP 端点。
在开发过程中,我 运行 我的后端 spring 在本地 tomcat 上启动项目 运行 在端口 8080 上。为了开发前端,我使用angular-cli 在端口 4200 上为我的 Angular 2 应用程序提供服务。我在 4200 上的前端 运行ning 需要能够访问暴露在 8080 上的端点,但这不起作用,因为:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
如果这些是我在 @RestController 中手动输入的自定义端点,我可以简单地添加 @CrossOrigin 注释:
@RestController
public class MyController {
@CrossOrigin(origins = "http://localhost:4200")
@RequestMapping(value = "/whatever")
public void whatever() {
//whatever
}
}
但我显然不能为 spring-boot-data-rest 公开的端点执行此操作。那么,我怎样才能让这些端点可以从 http://localhost:4200 来源访问?
也许您可以使用以下组件来启用 CORS 请求。
全局应用于application
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter implements Filter {
public SimpleCorsFilter() {
}
@Override
public void destroy() {
}
@Override
public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain) throws IOException, ServletException {
final HttpServletResponse response = (HttpServletResponse) res;
final HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, token");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
@Override
public void init(final FilterConfig filterConfig) {
}
}
我已经使用我的自定义 CORS 过滤器使其工作:
/**
* Filter for enabling CORS support.
*/
@Component
public class CorsFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
final FilterChain filterChain) throws ServletException, IOException {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, PATCH, HEAD, OPTIONS");
response.addHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
response.addHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Origin, Access-Control-Allow-Credentials");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addIntHeader("Access-Control-Max-Age", 10);
filterChain.doFilter(request, response);
}
}
我有一个正在使用 Angular 2 和 Spring Boot 开发的 Web 应用程序。我使用 spring-boot-data-rest 依赖项将我的存储库公开为 HTTP 端点。
在开发过程中,我 运行 我的后端 spring 在本地 tomcat 上启动项目 运行 在端口 8080 上。为了开发前端,我使用angular-cli 在端口 4200 上为我的 Angular 2 应用程序提供服务。我在 4200 上的前端 运行ning 需要能够访问暴露在 8080 上的端点,但这不起作用,因为:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
如果这些是我在 @RestController 中手动输入的自定义端点,我可以简单地添加 @CrossOrigin 注释:
@RestController
public class MyController {
@CrossOrigin(origins = "http://localhost:4200")
@RequestMapping(value = "/whatever")
public void whatever() {
//whatever
}
}
但我显然不能为 spring-boot-data-rest 公开的端点执行此操作。那么,我怎样才能让这些端点可以从 http://localhost:4200 来源访问?
也许您可以使用以下组件来启用 CORS 请求。 全局应用于application
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter implements Filter {
public SimpleCorsFilter() {
}
@Override
public void destroy() {
}
@Override
public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain) throws IOException, ServletException {
final HttpServletResponse response = (HttpServletResponse) res;
final HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, token");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
@Override
public void init(final FilterConfig filterConfig) {
}
}
我已经使用我的自定义 CORS 过滤器使其工作:
/**
* Filter for enabling CORS support.
*/
@Component
public class CorsFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
final FilterChain filterChain) throws ServletException, IOException {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, PATCH, HEAD, OPTIONS");
response.addHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
response.addHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Origin, Access-Control-Allow-Credentials");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addIntHeader("Access-Control-Max-Age", 10);
filterChain.doFilter(request, response);
}
}