java - Spring 启动 : Cors policy missing 'access-control-allow-origin'

Question

错误:我在 Firefox 中得到以下信息:Foreign Site Query Blocked:同源策略不允许读取远程资源 http://localhost:8080/api/v1/post/。 (原因:'Access-Control-Allow-Origin' CORS header 不存在)

我花了几个小时允许 CORS 与我的 Spring Boot 服务器通信，以使我的 REACT UI 与服务器通信。 Stack Overflow 上有很多措辞相似的问题，但没有一个建议的解决方案解决了我的问题...

Spring Boot 在 https://spring.io/guides/gs/rest-service-cors/ 上提出了不同的解决方案.一种本地解决方案是使用注释。可以通过配置文件获得全局解决方案。

我已经尝试使用 @CrossOrigin 注释 Controller ，如下面的代码所示:

package com.example.Blogging.api;

import com.example.Blogging.model.Post;
import com.example.Blogging.service.PostService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import java.util.List;
import java.util.Optional;
import java.util.UUID;


@CrossOrigin(origins = "http://localhost:3000")
@RequestMapping("api/v1/post")
@RestController
public class PostController {

    private final PostService postService;

    @Autowired
    public PostController(PostService postService) {
        this.postService = postService;
    }


    @PostMapping
    public void addPost(@RequestBody Post post){
        postService.addPost(post);

    }

    @GetMapping
    public List<Post> getAllPosts(){
        return postService.getAllPosts();

    }

    @GetMapping(path = "{id}")
    public Optional<Post> getPostById(@PathVariable("id") UUID id){
        return postService.getPostById(id);

    }

    @PutMapping(path="{id}")
    public void updatePostById(@PathVariable("id") UUID id, @RequestBody Post post){
        postService.updatePost(id,post);
    }


    @DeleteMapping(path="{id}")
    public void deletePostById(@PathVariable("id") UUID id){
        postService.deletePost(id);
    }


}

这没有用。我还尝试在每个方法而不是整个 Controller 类上进行注释。

此外，我尝试制作一个配置文件:

package com.example.Blogging.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
        .allowedOrigins("*");
    }
}

似乎没有任何效果。我浏览器中的控制台一直显示响应 header 中缺少“access-control-allow-origin”。

作为引用，我还将我的 pom.xml 放在下面:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.5.2</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>Blogging</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>Blogging</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>1.8</java.version>
    </properties>
    <dependencies>



        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- SPRING SECURITY -->
        <!--<dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <scope>test</scope>
        </dependency>-->



        <!-- SPRING BOOT STARTER SECURITY -->
        <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-jdbc</artifactId>
        </dependency>

        <dependency>
            <groupId>org.postgresql</groupId>
            <artifactId>postgresql</artifactId>
            <scope>runtime</scope>
        </dependency>

        <dependency>
            <groupId>org.flywaydb</groupId>
            <artifactId>flyway-core</artifactId>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>8.0.25</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>

            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-resources-plugin</artifactId>
                <version>3.0.2</version>
            </plugin>

        </plugins>
    </build>

</project>

谁能提出解决方案？提前致谢!

Answer 1

我刚刚注意到，您的依赖项中有 Spring Security。 您可能错过了在 WebSecurityConfig 中启用 CORS。

例如。像这样:

@EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.cors().and()...
        }
    }