我正在使用 Spring Boot 为一个带有 Angular 应用程序的简单 REST Controller 提供服务。我配置了全局 CORS 策略:
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedMethods("GET", "PUT", "POST", "PATCH", "OPTIONS");
}
};
}
现在,使用纯 HTTP 时效果很好,但是如果我在 application.properties
中配置 TLS,如下所示:
server.port=8443
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=password
server.ssl.key-store-type=PKCS12
请求被阻止。角度控制台向我显示 CORS 失败了。
为什么调用https://localhost:8443/test失败但调用 http://localhost:8080/test 时成功并且没有配置 TLS?
我阅读了完整的文档。
更新
这是控制台记录的错误消息:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:8443/test. (Reason: CORS request did not succeed).
最佳答案
在类级别进行 cors 配置,如下所示(显式地允许允许 Cors-Origin):
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class MyCorsConfig implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
final HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, enctype");
response.setHeader("Access-Control-Max-Age", "3600");
if (HttpMethod.OPTIONS.name().equalsIgnoreCase(((HttpServletRequest) req).getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig config) throws ServletException {
}
}
关于java - Spring Boot CORS 与 HTTPS 失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58115578/