错误:我在Firefox中得到以下内容:外国站点查询被阻止:同源策略不允许读取远程资源http:// localhost:8080 / api / v1 / post /。(原因:“访问控制-允许-源”CORS 标头不存在)
我已经花了几个小时允许CORS与我的Spring Boot服务器通信,以使我的REACT UI与服务器通信。关于堆栈溢出,有许多措辞类似的问题,但建议的解决方案中没有一个解决了我的问题。。。
Spring Boot在 https://spring.io/guides/gs/rest-service-cors/ 上提出了不同的解决方案。一个本地解决方案是使用注释。可以使用配置文件获取全局解决方案。
我已经尝试使用@CrossOrigin
注释控制器,如下面的代码所示:
package com.example.Blogging.api;
import com.example.Blogging.model.Post;
import com.example.Blogging.service.PostService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
@CrossOrigin(origins = "http://localhost:3000")
@RequestMapping("api/v1/post")
@RestController
public class PostController {
private final PostService postService;
@Autowired
public PostController(PostService postService) {
this.postService = postService;
}
@PostMapping
public void addPost(@RequestBody Post post){
postService.addPost(post);
}
@GetMapping
public List<Post> getAllPosts(){
return postService.getAllPosts();
}
@GetMapping(path = "{id}")
public Optional<Post> getPostById(@PathVariable("id") UUID id){
return postService.getPostById(id);
}
@PutMapping(path="{id}")
public void updatePostById(@PathVariable("id") UUID id, @RequestBody Post post){
postService.updatePost(id,post);
}
@DeleteMapping(path="{id}")
public void deletePostById(@PathVariable("id") UUID id){
postService.deletePost(id);
}
}
这不起作用。我还尝试对每个方法而不是整个控制器类进行注释。
此外,我尝试创建一个配置文件:
package com.example.Blogging.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*");
}
}
似乎什么都不管用。我的浏览器中的控制台一直在说“access control allow origin”在响应标题中缺失。。
作为参考,我也将我的pom.xml放在下面:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.2</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>Blogging</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>Blogging</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- SPRING SECURITY -->
<!--<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<scope>test</scope>
</dependency>-->
<!-- SPRING BOOT STARTER SECURITY -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-core</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.25</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>3.0.2</version>
</plugin>
</plugins>
</build>
</project>
谁能建议一个解决方案?提前感谢!
我刚刚注意到,您的依赖项中有Spring Security。您可能错过了在WebSecurityConfig中启用CORS。
像这样的:
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()...
}
}