我在这里开始失去理智。我的项目在Spring boot和React上运行,我正在尝试实现注销功能。我想让它工作:
从反应应用程序(localhost:3000),我想调用Spring Boot服务器(localhost:8080/exit)上的“/out”endpoint。除了我的实现之外,cors没有其他问题(从服务器获取数据、登录或注册用户时没有错误)。
以下是代码(Spring Boot):
(UserController.java)
@RequestMapping("/exit")
public void exit(HttpServletRequest request, HttpServletResponse response) {
// token can be revoked here if needed
new SecurityContextLogoutHandler().logout(request, null, null);
try {
//sending back to client app
response.sendRedirect(request.getHeader("referer"));
System.out.println("called logout endpoint");
} catch (IOException e) {
e.printStackTrace();
}
}
}
(安全配置.java)
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors();
http.csrf().disable();
http.authorizeRequests();
http.sessionManagement().sessionCreationPolicy(STATELESS);
http.authorizeRequests().antMatchers("/login/**", "/register/**").permitAll();
http.authorizeRequests().antMatchers("/student/**").hasAuthority(Role.STUDENT.getCode());
http.authorizeRequests().antMatchers("/teacher/**").hasAuthority(Role.TEACHER.getCode());
http.authorizeRequests().antMatchers("/coordinator/**").hasAnyAuthority(Role.COORDINATOR.getCode(), Role.ADMIN.getCode());
http.authorizeRequests().antMatchers("/admin/**").hasAuthority(Role.ADMIN.getCode());
http.authorizeRequests().antMatchers("/exit").permitAll();
http.authorizeRequests().anyRequest().authenticated();
http
.logout()
.logoutUrl("/exit")
.deleteCookies("access_token")
.logoutSuccessUrl("http://localhost:3000");
http.addFilter(new CustomAuthenticationFilter(authenticationManagerBean(), jwtAlgorithm(), userRepository));
http.addFilterBefore(new CustomAuthorizationFilter(userDetailsService, jwtAlgorithm()), UsernamePasswordAuthenticationFilter.class);
}
(安全配置.java)
@Bean
public CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(List.of("http://localhost:3000/", "http://localhost:3000"));
configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PUT", "OPTIONS", "PATCH", "DELETE"));
configuration.setAllowedHeaders(List.of("Authorization", "Cache-Control", "Content-Type", "Access-Control-Allow-Origin"));
configuration.setAllowCredentials(true);
configuration.setExposedHeaders(List.of("Authorization", "Access-Control-Allow-Origin"));
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
我只想摆脱这该死的东西
在“中”访问XMLHttpRequesthttp://localhost:3000/'(从'http://localhost:8080/exit“)来源”http://localhost:3000'已被CORS策略阻止:请求的资源上不存在'Access Control Allow Origin'标头。
错误。基本上没有完全关闭cors。
我浏览了这里的大多数帖子,问了类似的问题,但没有找到答案。什么都没用。误差保持不变。
你能帮我吗?谢谢你。
它必须与response.sendRedirect
行相关。使用此命令,就好像您已从服务器端向客户端发送了请求。因此CORS策略
再次发挥作用。我没有使用React的经验,但我认为您需要配置运行React应用程序的WebServer。或者,您可以返回200 OK
并在客户端进行此重定向,而不是sendReDirect。