Spring CORS 'Access-Control-Allow-Origin'헤더가 없습니다.
web.xml을 Java 구성으로 이식 한 후 다음과 같은 문제가 발생합니다.
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63342' is therefore not allowed access.
몇 가지 Spring 참조를 기반으로 다음 시도가 시도되었습니다.
@Configuration
@ComponentScan(basePackageClasses = AppConfig.class, useDefaultFilters = false, includeFilters = {
@Filter(org.springframework.stereotype.Controller.class) })
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/*").allowedOrigins("*").allowedMethods("GET", "POST", "OPTIONS", "PUT")
.allowedHeaders("Content-Type", "X-Requested-With", "accept", "Origin", "Access-Control-Request-Method",
"Access-Control-Request-Headers")
.exposedHeaders("Access-Control-Allow-Origin", "Access-Control-Allow-Credentials")
.allowCredentials(true).maxAge(3600);
}
}
선택한 값은 작동중인 web.xml 필터에서 가져 왔습니다.
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param> </filter> <filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Spring Java 구성 접근 방식이 web.xml 파일처럼 작동하지 않는 이유는 무엇입니까?
CorsMapping을 registry.addMapping("/*")에서 registry.addMapping("/**")in addCorsMappings메소드로 변경하십시오 .
이 Spring CORS 문서를 확인하십시오 .
로부터 문서 -
전체 애플리케이션에 대해 CORS를 활성화하는 것은 다음과 같이 간단합니다.
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
}
속성을 쉽게 변경할 수있을뿐만 아니라이 CORS 구성을 특정 경로 패턴에만 적용 할 수 있습니다.
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/api/**")
.allowedOrigins("http://domain2.com")
.allowedMethods("PUT", "DELETE")
.allowedHeaders("header1", "header2", "header3")
.exposedHeaders("header1", "header2")
.allowCredentials(false).maxAge(3600);
}
}
@RestController
@RequestMapping("/account")
public class AccountController {
@CrossOrigin
@RequestMapping("/{id}")
public Account retrieve(@PathVariable Long id) {
// ...
}
}
전체 컨트롤러에 대해 CORS를 활성화하려면-
@CrossOrigin(origins = "http://domain2.com", maxAge = 3600)
@RestController
@RequestMapping("/account")
public class AccountController {
@RequestMapping("/{id}")
public Account retrieve(@PathVariable Long id) {
// ...
}
@RequestMapping(method = RequestMethod.DELETE, path = "/{id}")
public void remove(@PathVariable Long id) {
// ...
}
}
컨트롤러 수준 및 메서드 수준 CORS 구성을 모두 사용할 수도 있습니다. 그런 다음 Spring은 병합 된 CORS 구성을 생성하기 위해 두 주석의 속성을 결합합니다.
@CrossOrigin(maxAge = 3600)
@RestController
@RequestMapping("/account")
public class AccountController {
@CrossOrigin("http://domain2.com")
@RequestMapping("/{id}")
public Account retrieve(@PathVariable Long id) {
// ...
}
@RequestMapping(method = RequestMethod.DELETE, path = "/{id}")
public void remove(@PathVariable Long id) {
// ...
}
}
우리는 같은 문제가 있었고 다음과 같이 Spring의 XML 구성을 사용하여 해결했습니다.
컨텍스트 xml 파일에 추가하십시오.
<mvc:cors>
<mvc:mapping path="/**"
allowed-origins="*"
allowed-headers="Content-Type, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Authorization, X-Requested-With, requestId, Correlation-Id"
allowed-methods="GET, PUT, POST, DELETE"/>
</mvc:cors>
유용한 팁-Spring 데이터 나머지를 사용하는 경우 다른 접근 방식이 필요합니다.
@Component
public class SpringDataRestCustomization extends RepositoryRestConfigurerAdapter {
@Override
public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config) {
config.getCorsRegistry().addMapping("/**")
.allowedOrigins("http://localhost:9000");
}
}
Spring Security ver> = 4.2를 사용하는 경우 Apache를 포함하는 대신 Spring Security의 기본 지원을 사용할 수 있습니다.
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
}
위의 예 는 컨트롤러에서 CORS를 구성하는 방법, 특정 컨트롤러 메서드 등에 대한 정보를 찾을 수 있는 Spring 블로그 게시물 에서 복사되었습니다 . 또한 XML 구성 예제와 Spring Boot 통합도 있습니다.
Following on Omar's answer, I created a new class file in my REST API project called WebConfig.java with this configuration:
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*");
}
}
This allows any origin to access the API and applies it to all controllers in the Spring project.
Omkar's answer is quite comprehensive.
But some part of the Global config part has changed.
According to the spring boot 2.0.2.RELEASE reference
As of version 4.2, Spring MVC supports CORS. Using controller method CORS configuration with @CrossOrigin annotations in your Spring Boot application does not require any specific configuration. Global CORS configuration can be defined by registering a WebMvcConfigurer bean with a customized addCorsMappings(CorsRegistry) method, as shown in the following example:
@Configuration
public class MyConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/api/**");
}
};
}
}
Most answer in this post using WebMvcConfigurerAdapter, however
The type WebMvcConfigurerAdapter is deprecated
Since Spring 5 you just need to implement the interface WebMvcConfigurer:
public class MvcConfig implements WebMvcConfigurer {This is because Java 8 introduced default methods on interfaces which cover the functionality of the WebMvcConfigurerAdapter class
I also had messages like No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63342' is therefore not allowed access.
I had configured cors properly, but what was missing in webflux in RouterFuncion was accept and contenttype headers APPLICATION_JSON like in this piece of code:
@Bean
RouterFunction<ServerResponse> routes() {
return route(POST("/create")
.and(accept(APPLICATION_JSON))
.and(contentType(APPLICATION_JSON)), serverRequest -> create(serverRequest);
}
as @Geoffrey pointed out, with spring security, you need a different approach as described here: Spring Boot Security CORS
For some reason, if still somebody not able to bypass CORS, write the header which browser wants to access your request.
Add this bean inside your configuration file.
@Bean
public WebSecurityConfigurerAdapter webSecurity() {
return new WebSecurityConfigurerAdapter() {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().addHeaderWriter(
new StaticHeadersWriter("Access-Control-Allow-Origin", "*"));
}
};
}
This way we can tell the browser we are allowing cross-origin from all origin. if you want to restrict from specific path then change the "*" to {'http://localhost:3000',""}.
Helpfull reference to understand this behaviour https://www.concretepage.com/spring-4/spring-4-rest-cors-integration-using-crossorigin-annotation-xml-filter-example
'Programing' 카테고리의 다른 글
| Git에서 .classpath 및 .project 무시 (0) | 2020.11.18 |
|---|---|
| 작업자 역할과 웹 작업 (0) | 2020.11.18 |
| reduce ()의 문제점은 무엇입니까? (0) | 2020.11.18 |
| jQuery에서 oncut, oncopy 및 onpaste를 어떻게 처리합니까? (0) | 2020.11.18 |
| Mercurial 무시 파일 (0) | 2020.11.18 |