Jersey - 对预检请求的响应未通过访问控制检查:否 'Access-Control-Allow-Origin'
Jersey - Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin'
错误截图:
下面是我的APIclass,其中我写了@OPTIONS方法的代码
@OPTIONS
public Response OptionsFirstRequst(){
return Response.ok()
.header("Access-Control-Allow-Origin", "*")
.header("Access-Control-Allow-Methods", "*")
.header("Access-Control-Allow-Headers", "*").build();
}
我创建了一个名为 Response Builder 的 class,我使用它为每个请求发送响应。
以下是 Response Builder class 的代码:
public class ResponseBuilder {
public int status;
public HashMap data;
public String error;
public static Response ok(int Status_code, HashMap<String, String> data, String Response_error) {
if (data == null) {
data = new HashMap();
}
ResponseBuilder response = new ResponseBuilder();
response.status = Status_code;
response.data = data;
response.error = Response_error;
return Response.status(Status_code).entity(response)
.header("Access-Control-Allow-Origin", "*")
.header("Access-Control-Allow-Methods", "*")
.header("Access-Control-Allow-Headers", "*").build();
}
public static Response error(int Status_code, HashMap<String, String> data, String Response_error) {
if (data == null) {
data = new HashMap();
}
ResponseBuilder response = new ResponseBuilder();
response.status = Status_code;
response.data = data;
response.error = Response_error;
response.data = new HashMap();
return Response.status(Status_code).entity(response)
.header("Access-Control-Allow-Origin", "*")
.header("Access-Control-Allow-Methods", "*")
.header("Access-Control-Allow-Headers", "*").build();
}
}
我还有一个请求过滤器,用于验证每个请求的令牌,登录除外。
我能够登录、生成令牌并将其返回给浏览器。
但是登录后如果我点击个人资料。
我收到的响应为 200(如浏览器的 dev-tools 网络所示),但我没有收到任何 data/correct 响应。
我收到以下错误。
对预检请求的响应未通过访问控制检查:请求的资源上不存在 'Access-Control-Allow-Origin' header。
要检查和添加 CORS headers,一个常见的解决方案是使用 javax.ws.rs.container.ContainerResponseFilter。这是一个示例,其中允许的来源配置为 class ApplicationConfig.accessControlAllowedOrigins:
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;
import java.io.IOException;
@Provider
public class ResponseCorsFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext,
ContainerResponseContext responseContext) throws IOException {
MultivaluedMap<String, Object> responseHeaders = responseContext.getHeaders();
String origin = requestContext.getHeaderString("Origin");
if (null != origin &&
(ApplicationConfig.accessControlAllowedOrigins.contains(origin) ||
ApplicationConfig.accessControlAllowedOrigins.contains("*"))) {
responseHeaders.putSingle("Access-Control-Allow-Origin", origin);
responseHeaders.putSingle("Access-Control-Allow-Methods",
"GET, POST, OPTIONS, PUT, DELETE, HEAD");
String reqHead = requestContext.getHeaderString(
"Access-Control-Request-Headers");
if (null != reqHead && !reqHead.equals("")) {
responseHeaders.putSingle("Access-Control-Allow-Headers", reqHead);
}
}
}
}
错误截图:
下面是我的APIclass,其中我写了@OPTIONS方法的代码
@OPTIONS
public Response OptionsFirstRequst(){
return Response.ok()
.header("Access-Control-Allow-Origin", "*")
.header("Access-Control-Allow-Methods", "*")
.header("Access-Control-Allow-Headers", "*").build();
}
我创建了一个名为 Response Builder 的 class,我使用它为每个请求发送响应。 以下是 Response Builder class 的代码:
public class ResponseBuilder {
public int status;
public HashMap data;
public String error;
public static Response ok(int Status_code, HashMap<String, String> data, String Response_error) {
if (data == null) {
data = new HashMap();
}
ResponseBuilder response = new ResponseBuilder();
response.status = Status_code;
response.data = data;
response.error = Response_error;
return Response.status(Status_code).entity(response)
.header("Access-Control-Allow-Origin", "*")
.header("Access-Control-Allow-Methods", "*")
.header("Access-Control-Allow-Headers", "*").build();
}
public static Response error(int Status_code, HashMap<String, String> data, String Response_error) {
if (data == null) {
data = new HashMap();
}
ResponseBuilder response = new ResponseBuilder();
response.status = Status_code;
response.data = data;
response.error = Response_error;
response.data = new HashMap();
return Response.status(Status_code).entity(response)
.header("Access-Control-Allow-Origin", "*")
.header("Access-Control-Allow-Methods", "*")
.header("Access-Control-Allow-Headers", "*").build();
}
}
我还有一个请求过滤器,用于验证每个请求的令牌,登录除外。
我能够登录、生成令牌并将其返回给浏览器。 但是登录后如果我点击个人资料。
我收到的响应为 200(如浏览器的 dev-tools 网络所示),但我没有收到任何 data/correct 响应。
我收到以下错误。
对预检请求的响应未通过访问控制检查:请求的资源上不存在 'Access-Control-Allow-Origin' header。
要检查和添加 CORS headers,一个常见的解决方案是使用 javax.ws.rs.container.ContainerResponseFilter。这是一个示例,其中允许的来源配置为 class ApplicationConfig.accessControlAllowedOrigins:
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;
import java.io.IOException;
@Provider
public class ResponseCorsFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext,
ContainerResponseContext responseContext) throws IOException {
MultivaluedMap<String, Object> responseHeaders = responseContext.getHeaders();
String origin = requestContext.getHeaderString("Origin");
if (null != origin &&
(ApplicationConfig.accessControlAllowedOrigins.contains(origin) ||
ApplicationConfig.accessControlAllowedOrigins.contains("*"))) {
responseHeaders.putSingle("Access-Control-Allow-Origin", origin);
responseHeaders.putSingle("Access-Control-Allow-Methods",
"GET, POST, OPTIONS, PUT, DELETE, HEAD");
String reqHead = requestContext.getHeaderString(
"Access-Control-Request-Headers");
if (null != reqHead && !reqHead.equals("")) {
responseHeaders.putSingle("Access-Control-Allow-Headers", reqHead);
}
}
}
}