java - CORS政策: No 'Access-Control-Allow-Origin' header is present on the requested resource Spring Boot Rest API

Question

大家好， 当外部客户端尝试使用我的以下 api“http://host_details/processdocument”(类型为 multipartformdata)时，我收到如下错误日志详细信息所示的错误，但除此之外，所有其他类型为 application/Json 的 API工作正常。 所以请指导我找出我在 CORS 配置中犯的错误。 代码及错误详情如下:

浏览器上看到的错误日志: 访问位于“http://host_details/processdocument”的 XMLHttpRequest '来自原点'http://caller_host:4212 ' 已经 被 CORS 策略阻止:请求的资源上不存在“Access-Control-Allow-Origin” header 。

我正在使用基于 Spring Boot 的应用程序和以下 CORS 配置:

1] CORS 配置详细信息:

@Component
public class SimpleCORSFilter implements Filter {

private final Logger log = LoggerFactory.getLogger(SimpleCORSFilter.class);

public SimpleCORSFilter() {
    log.info("SimpleCORSFilter init");
}

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    log.info(request.getHeader("Origin"));
    response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "36000");
    response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");

    chain.doFilter(req, res);
}

@Override
public void init(FilterConfig filterConfig) {
}

@Override
public void destroy() {
}

}

2] Rest API Controller 类:

@RequestMapping(value=URLConstants.PROCESS_FILE_FOR_OCR,method=RequestMethod.POST,headers = {"content-type=multipart/mixed","content-type=multipart/form-data"})
    private ResponseEntity<Map<String, Object>> processVisa(
            @RequestPart(value = "file",required=true)  MultipartFile file,
            @RequestPart(value = "applicationId",required=true) String applicationId,
            @RequestPart(value = "fileCategory",required=true) String fileCategory)
    {
        //// implemntation here

    }

3]API控制台中发现请求 header :

Now Multipart
   Request URL: 
http://host_detailas/processdocument
Request Method: 
POST
Status Code: 
500 
Remote Address: 
Remote_address_Url:82
Referrer Policy: 
no-referrer-when-downgrade


Request Headers
Provisional headers are shown
Accept: 
application/json, text/plain, */*
Content-Type: 
multipart/form-data
Origin: 
http://localhost:4222
Referer: 
http://localhost:4222/
User-Agent: 
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/URL Safari/537.36
Request Payload
------WebKitFormBoundaryCljOAWzb4HGBWil4 Content-Disposition: form-data; name="file"; filename="aadharcard.jpg" Content-Type: image/jpeg ------WebKitFormBoundaryCljOAWzb4HGBWil4 Content-Disposition: form-data; name="EmiratesId" Passport ------WebKitFormBoundaryCljOAWzb4HGBWil4 Content-Disposition: form-data; name="applicationId" 123 ------WebKitFormBoundaryCljOAWzb4HGBWil4--
Name

processdocument

Answer 1

那就是cors选项方法问题。您需要授予访问选项方法在安全性上尝试此操作

public class CustomSecurity extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception { 

      http.csrf()
        .disable()
        .authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll() ....

}
}