我使用的是 Tomcat 7。我已按照官方 Tomcat 文档中的建议设置了 native CORS 过滤。
我已经测试了我能做的一切,但它不起作用。鉴于我正在使用一个我知道正在使用 Spring Security 过滤器的供应商应用程序,我想知道这里是否存在已知的错误。
这就是我要说的:
<!-- Spring Security START -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/</url-pattern>
</filter-mapping>
<!-- Spring Security END -->
我已将以下配置添加到 Web.xml:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
我知道它是最小的,但它应该有效。
我之前也尝试过更长的版本:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
也没有用。
有人有使用 Spring Security 设置 CORS 过滤器的经验吗?
最佳答案
我有类似的配置,关键问题是 Tomcat 的 cors.allowed.headers
初始化参数的默认值中不允许使用 Authorization
header 。所以我只需像这样添加它:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Authorization,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
<!-- ^^^^^^^^^^^^^ -->
</init-param>
</filter>
关于jquery - Tomcat CORS 过滤器和 Spring Security,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31585572/