Spring 引导:缺少 Cors 策略 'access-control-allow-origin'
Spring Boot: Cors policy missing 'access-control-allow-origin'
错误:我在 Firefox 中得到以下信息:外国站点查询被阻止:同源策略不允许读取远程资源 http://localhost:8080/api/v1/post /。 (原因:'Access-Control-Allow-Origin' CORS header 不存在)
我花了几个小时允许 CORS 与我的 Spring 引导服务器通信,以便使我的 REACT UI 与服务器通信。 Stack Overflow 上有很多措辞相似的问题,但没有一个建议的解决方案解决了我的问题...
Spring Boot 在 https://spring.io/guides/gs/rest-service-cors/ 上建议不同的解决方案。一种本地解决方案是使用注释。可以通过配置文件获得全局解决方案。
我已经尝试用 @CrossOrigin 注释控制器,如下面的代码所示:
package com.example.Blogging.api;
import com.example.Blogging.model.Post;
import com.example.Blogging.service.PostService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
@CrossOrigin(origins = "http://localhost:3000")
@RequestMapping("api/v1/post")
@RestController
public class PostController {
private final PostService postService;
@Autowired
public PostController(PostService postService) {
this.postService = postService;
}
@PostMapping
public void addPost(@RequestBody Post post){
postService.addPost(post);
}
@GetMapping
public List<Post> getAllPosts(){
return postService.getAllPosts();
}
@GetMapping(path = "{id}")
public Optional<Post> getPostById(@PathVariable("id") UUID id){
return postService.getPostById(id);
}
@PutMapping(path="{id}")
public void updatePostById(@PathVariable("id") UUID id, @RequestBody Post post){
postService.updatePost(id,post);
}
@DeleteMapping(path="{id}")
public void deletePostById(@PathVariable("id") UUID id){
postService.deletePost(id);
}
}
这没有用..我也试过在每个方法而不是整个控制器上注释class。
此外,我尝试制作一个配置文件:
package com.example.Blogging.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*");
}
}
似乎没有任何效果。我浏览器中的控制台一直显示响应 header..
中缺少 'access-control-allow-origin'
作为参考,我也会把我的pom.xml放在下面:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.2</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>Blogging</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>Blogging</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- SPRING SECURITY -->
<!--<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<scope>test</scope>
</dependency>-->
<!-- SPRING BOOT STARTER SECURITY -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-core</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.25</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>3.0.2</version>
</plugin>
</plugins>
</build>
</project>
谁能提出解决方案?提前致谢!
我刚注意到,您的依赖项中有 Spring 安全性。
您可能错过了在 WebSecurityConfig 中启用 CORS。
例如。像这样:
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()...
}
}
错误:我在 Firefox 中得到以下信息:外国站点查询被阻止:同源策略不允许读取远程资源 http://localhost:8080/api/v1/post /。 (原因:'Access-Control-Allow-Origin' CORS header 不存在)
我花了几个小时允许 CORS 与我的 Spring 引导服务器通信,以便使我的 REACT UI 与服务器通信。 Stack Overflow 上有很多措辞相似的问题,但没有一个建议的解决方案解决了我的问题...
Spring Boot 在 https://spring.io/guides/gs/rest-service-cors/ 上建议不同的解决方案。一种本地解决方案是使用注释。可以通过配置文件获得全局解决方案。
我已经尝试用 @CrossOrigin 注释控制器,如下面的代码所示:
package com.example.Blogging.api;
import com.example.Blogging.model.Post;
import com.example.Blogging.service.PostService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
@CrossOrigin(origins = "http://localhost:3000")
@RequestMapping("api/v1/post")
@RestController
public class PostController {
private final PostService postService;
@Autowired
public PostController(PostService postService) {
this.postService = postService;
}
@PostMapping
public void addPost(@RequestBody Post post){
postService.addPost(post);
}
@GetMapping
public List<Post> getAllPosts(){
return postService.getAllPosts();
}
@GetMapping(path = "{id}")
public Optional<Post> getPostById(@PathVariable("id") UUID id){
return postService.getPostById(id);
}
@PutMapping(path="{id}")
public void updatePostById(@PathVariable("id") UUID id, @RequestBody Post post){
postService.updatePost(id,post);
}
@DeleteMapping(path="{id}")
public void deletePostById(@PathVariable("id") UUID id){
postService.deletePost(id);
}
}
这没有用..我也试过在每个方法而不是整个控制器上注释class。
此外,我尝试制作一个配置文件:
package com.example.Blogging.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*");
}
}
似乎没有任何效果。我浏览器中的控制台一直显示响应 header..
中缺少 'access-control-allow-origin'作为参考,我也会把我的pom.xml放在下面:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.2</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>Blogging</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>Blogging</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- SPRING SECURITY -->
<!--<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<scope>test</scope>
</dependency>-->
<!-- SPRING BOOT STARTER SECURITY -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-core</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.25</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>3.0.2</version>
</plugin>
</plugins>
</build>
</project>
谁能提出解决方案?提前致谢!
我刚注意到,您的依赖项中有 Spring 安全性。 您可能错过了在 WebSecurityConfig 中启用 CORS。
例如。像这样:
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()...
}
}