提问者:小点点

Spring Boot: Cors策略缺少“访问控制允许来源”


错误:我在Firefox中得到以下内容:外国站点查询被阻止:同源策略不允许读取远程资源http:// localhost:8080 / api / v1 / post /。(原因:“访问控制-允许-源”CORS 标头不存在)

我已经花了几个小时允许CORS与我的Spring Boot服务器通信,以使我的REACT UI与服务器通信。关于堆栈溢出,有许多措辞类似的问题,但建议的解决方案中没有一个解决了我的问题。。。

Spring Boot在 https://spring.io/guides/gs/rest-service-cors/ 上提出了不同的解决方案。一个本地解决方案是使用注释。可以使用配置文件获取全局解决方案。

我已经尝试使用@CrossOrigin注释控制器,如下面的代码所示:

package com.example.Blogging.api;

import com.example.Blogging.model.Post;
import com.example.Blogging.service.PostService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import java.util.List;
import java.util.Optional;
import java.util.UUID;


@CrossOrigin(origins = "http://localhost:3000")
@RequestMapping("api/v1/post")
@RestController
public class PostController {

    private final PostService postService;

    @Autowired
    public PostController(PostService postService) {
        this.postService = postService;
    }


    @PostMapping
    public void addPost(@RequestBody Post post){
        postService.addPost(post);

    }

    @GetMapping
    public List<Post> getAllPosts(){
        return postService.getAllPosts();

    }

    @GetMapping(path = "{id}")
    public Optional<Post> getPostById(@PathVariable("id") UUID id){
        return postService.getPostById(id);

    }

    @PutMapping(path="{id}")
    public void updatePostById(@PathVariable("id") UUID id, @RequestBody Post post){
        postService.updatePost(id,post);
    }


    @DeleteMapping(path="{id}")
    public void deletePostById(@PathVariable("id") UUID id){
        postService.deletePost(id);
    }


}

这不起作用。我还尝试对每个方法而不是整个控制器类进行注释。

此外,我尝试创建一个配置文件:

package com.example.Blogging.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
        .allowedOrigins("*");
    }
}

似乎什么都不管用。我的浏览器中的控制台一直在说“access control allow origin”在响应标题中缺失。。

作为参考,我也将我的pom.xml放在下面:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.5.2</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>Blogging</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>Blogging</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>1.8</java.version>
    </properties>
    <dependencies>



        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- SPRING SECURITY -->
        <!--<dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <scope>test</scope>
        </dependency>-->



        <!-- SPRING BOOT STARTER SECURITY -->
        <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-jdbc</artifactId>
        </dependency>

        <dependency>
            <groupId>org.postgresql</groupId>
            <artifactId>postgresql</artifactId>
            <scope>runtime</scope>
        </dependency>

        <dependency>
            <groupId>org.flywaydb</groupId>
            <artifactId>flyway-core</artifactId>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>8.0.25</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>

            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-resources-plugin</artifactId>
                <version>3.0.2</version>
            </plugin>

        </plugins>
    </build>

</project>

谁能建议一个解决方案?提前感谢!


共1个答案

匿名用户

我刚刚注意到,您的依赖项中有Spring Security。您可能错过了在WebSecurityConfig中启用CORS。

像这样的:

@EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.cors().and()...
        }
    }