提问者:小点点

< Spring Boot >请求的资源上不存在“访问控制允许来源”标头


我在这里开始失去理智。我的项目在Spring boot和React上运行,我正在尝试实现注销功能。我想让它工作:

  1. 用户已登录。
  2. 用户单击注销
  3. JWT令牌cookie被删除,用户被重定向到localhost:3000

从反应应用程序(localhost:3000),我想调用Spring Boot服务器(localhost:8080/exit)上的“/out”endpoint。除了我的实现之外,cors没有其他问题(从服务器获取数据、登录或注册用户时没有错误)。

以下是代码(Spring Boot):

(UserController.java)

    @RequestMapping("/exit")
    public void exit(HttpServletRequest request, HttpServletResponse response) {
        // token can be revoked here if needed
        new SecurityContextLogoutHandler().logout(request, null, null);
        try {
            //sending back to client app
            response.sendRedirect(request.getHeader("referer"));
            System.out.println("called logout endpoint");
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

(安全配置.java)

 @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors();
        http.csrf().disable();
        http.authorizeRequests();
        http.sessionManagement().sessionCreationPolicy(STATELESS);
        http.authorizeRequests().antMatchers("/login/**", "/register/**").permitAll();
        http.authorizeRequests().antMatchers("/student/**").hasAuthority(Role.STUDENT.getCode());
        http.authorizeRequests().antMatchers("/teacher/**").hasAuthority(Role.TEACHER.getCode());
        http.authorizeRequests().antMatchers("/coordinator/**").hasAnyAuthority(Role.COORDINATOR.getCode(), Role.ADMIN.getCode());
        http.authorizeRequests().antMatchers("/admin/**").hasAuthority(Role.ADMIN.getCode());
        http.authorizeRequests().antMatchers("/exit").permitAll();
        http.authorizeRequests().anyRequest().authenticated();
        http
                .logout()
                .logoutUrl("/exit")
                .deleteCookies("access_token")
                .logoutSuccessUrl("http://localhost:3000");
        http.addFilter(new CustomAuthenticationFilter(authenticationManagerBean(), jwtAlgorithm(), userRepository));
        http.addFilterBefore(new CustomAuthorizationFilter(userDetailsService, jwtAlgorithm()), UsernamePasswordAuthenticationFilter.class);
    }

(安全配置.java)

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        final CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(List.of("http://localhost:3000/", "http://localhost:3000"));
        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PUT", "OPTIONS", "PATCH", "DELETE"));
        configuration.setAllowedHeaders(List.of("Authorization", "Cache-Control", "Content-Type", "Access-Control-Allow-Origin"));
        configuration.setAllowCredentials(true);
        configuration.setExposedHeaders(List.of("Authorization", "Access-Control-Allow-Origin"));
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

我只想摆脱这该死的东西

在“中”访问XMLHttpRequesthttp://localhost:3000/'(从'http://localhost:8080/exit“)来源”http://localhost:3000'已被CORS策略阻止:请求的资源上不存在'Access Control Allow Origin'标头。

错误。基本上没有完全关闭cors。

我浏览了这里的大多数帖子,问了类似的问题,但没有找到答案。什么都没用。误差保持不变。

你能帮我吗?谢谢你。


共1个答案

匿名用户

它必须与response.sendRedirect行相关。使用此命令,就好像您已从服务器端向客户端发送了请求。因此CORS策略再次发挥作用。我没有使用React的经验,但我认为您需要配置运行React应用程序的WebServer。或者,您可以返回200 OK并在客户端进行此重定向,而不是sendReDirect。