我已经允许 @CrossOrigin(origins="*") 注释，但它仍然不起作用。谁能告诉我这里有啥问题？

Posted 2023-02-27

【中文标题】我已经允许 @CrossOrigin(origins="*") 注释，但它仍然不起作用。谁能告诉我这里有啥问题？

【英文标题】：I have allowed @CrossOrigin(origins="*") annotation but it still doesnot work. Can anybody tell me what is wrong here?我已经允许 @CrossOrigin(origins="*") 注释，但它仍然不起作用。谁能告诉我这里有什么问题？

【发布时间】：2020-08-26 01:22:57

【问题描述】：

从源“http://localhost:4200”访问“http://localhost:8084/Restaurent_Management/rest/admin/search/1001”处的 XMLHttpRequest 已被 CORS 策略阻止：对预检请求的响应未通过访问控制检查：没有“Access-Control-Allow-Origin”标头出现在请求的资源上。

我在前端使用 Angular，在后端使用 java。

这是我的控制器

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import com.cg.rm.entities.Admin;
import com.cg.rm.service.AdminService;

import com.cg.rm.service.CustomerService;
import com.cg.rm.entities.Customer;


@RestController
@CrossOrigin(origins = "*") //This is not working
public class RestaurentController 

    @Autowired
    CustomerService customerService;

    @Autowired
    AdminService adminService; 

    @RequestMapping(value ="/admin/search/id",headers="Accept=application/json",method = RequestMethod.GET)
    public Admin searchAdmin(@PathVariable("id") int id) 
        System.out.println("In search");
        return adminService.searchAdmin(id);
    

    @RequestMapping(value = "/customer",method = RequestMethod.GET,headers="Accept=application/json")
    public List<Customer> getAllCustomer(Model model) 
        return customerService.getAllCustomer();
    

    @RequestMapping(value = "/customer/delete/id",
            headers="Accept=application/json",method = RequestMethod.DELETE)
    public List<Customer> deleteEmployee(@PathVariable("id") int id) 
        System.out.println(id);
        customerService.deleteCustomer(id);
        return customerService.getAllCustomer();
    
    @RequestMapping(value ="/customer/create/",consumes = MediaType.APPLICATION_JSON_VALUE,headers="Accept=application/json",method = RequestMethod.POST)
    public List<Customer> createCustomer(@RequestBody Customer cust) 

        System.out.println("hiiii");
        System.out.println(cust);
        customerService.addCustomer(cust);
        return customerService.getAllCustomer();
    
    @RequestMapping(value ="/customer/search/id",headers="Accept=application/json",method = RequestMethod.GET)
    public Customer searchCustomer(@PathVariable("id") int id) 
        System.out.println("In search");
        return customerService.searchCustomer(id);
    
    @RequestMapping(value ="/customer/update/",consumes = MediaType.APPLICATION_JSON_VALUE,headers="Accept=application/json",method = RequestMethod.PUT)
    public List<Customer> updateCustomer(@RequestBody Customer cust) 

        System.out.println("Update");
        System.out.println(cust);
        customerService.updateCustomer(cust);
        return customerService.getAllCustomer();
    

这是调度程序 servlet

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">


<!-- To enable Spring Components -->
    <context:component-scan base-package="com.cg.rm" />


    <!-- Mapping for Spring ViewResolver  -->
     <mvc:annotation-driven/>

</beans>

【问题讨论】：

您的路径以rest 开头。路径设置在哪里？它应该在 Controller 类中为 @RequestMapping(value = "/rest")

【参考方案1】：

如果您使用的是 Spring Security，请记住在 Spring Security 级别启用 CORS

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter 

    @Override
    protected void configure(HttpSecurity http) throws Exception 
        http.cors().and()...
    

来源：https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

但是

如果您使用的是 Tomcat 而不是 SpringBoot 的嵌入式 Tomcat，那么您可能应该在 Tomcat 级别上设置 CORS Set CORS header in Tomcat