我已经允许 @CrossOrigin(origins="*") 注释,但它仍然不起作用。谁能告诉我这里有啥问题?

Posted

技术标签:

【中文标题】我已经允许 @CrossOrigin(origins="*") 注释,但它仍然不起作用。谁能告诉我这里有啥问题?【英文标题】:I have allowed @CrossOrigin(origins="*") annotation but it still doesnot work. Can anybody tell me what is wrong here?我已经允许 @CrossOrigin(origins="*") 注释,但它仍然不起作用。谁能告诉我这里有什么问题? 【发布时间】:2020-08-26 01:22:57 【问题描述】:

从源“http://localhost:4200”访问“http://localhost:8084/Restaurent_Management/rest/admin/search/1001”处的 XMLHttpRequest 已被 CORS 策略阻止:对预检请求的响应未通过访问控制检查:没有“Access-Control-Allow-Origin”标头出现在请求的资源上。

我在前端使用 Angular,在后端使用 java。

这是我的控制器

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import com.cg.rm.entities.Admin;
import com.cg.rm.service.AdminService;

import com.cg.rm.service.CustomerService;
import com.cg.rm.entities.Customer;


@RestController
@CrossOrigin(origins = "*") //This is not working
public class RestaurentController 

    @Autowired
    CustomerService customerService;

    @Autowired
    AdminService adminService; 

    @RequestMapping(value ="/admin/search/id",headers="Accept=application/json",method = RequestMethod.GET)
    public Admin searchAdmin(@PathVariable("id") int id) 
        System.out.println("In search");
        return adminService.searchAdmin(id);
    

    @RequestMapping(value = "/customer",method = RequestMethod.GET,headers="Accept=application/json")
    public List<Customer> getAllCustomer(Model model) 
        return customerService.getAllCustomer();
    

    @RequestMapping(value = "/customer/delete/id",
            headers="Accept=application/json",method = RequestMethod.DELETE)
    public List<Customer> deleteEmployee(@PathVariable("id") int id) 
        System.out.println(id);
        customerService.deleteCustomer(id);
        return customerService.getAllCustomer();
    
    @RequestMapping(value ="/customer/create/",consumes = MediaType.APPLICATION_JSON_VALUE,headers="Accept=application/json",method = RequestMethod.POST)
    public List<Customer> createCustomer(@RequestBody Customer cust) 

        System.out.println("hiiii");
        System.out.println(cust);
        customerService.addCustomer(cust);
        return customerService.getAllCustomer();
    
    @RequestMapping(value ="/customer/search/id",headers="Accept=application/json",method = RequestMethod.GET)
    public Customer searchCustomer(@PathVariable("id") int id) 
        System.out.println("In search");
        return customerService.searchCustomer(id);
    
    @RequestMapping(value ="/customer/update/",consumes = MediaType.APPLICATION_JSON_VALUE,headers="Accept=application/json",method = RequestMethod.PUT)
    public List<Customer> updateCustomer(@RequestBody Customer cust) 

        System.out.println("Update");
        System.out.println(cust);
        customerService.updateCustomer(cust);
        return customerService.getAllCustomer();
    


这是调度程序 servlet

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">


<!-- To enable Spring Components -->
    <context:component-scan base-package="com.cg.rm" />


    <!-- Mapping for Spring ViewResolver  -->
     <mvc:annotation-driven/>

</beans>

【问题讨论】:

您的路径以rest 开头。路径设置在哪里?它应该在 Controller 类中为 @RequestMapping(value = "/rest") 【参考方案1】:

如果您使用的是 Spring Security,请记住在 Spring Security 级别启用 CORS

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter 

    @Override
    protected void configure(HttpSecurity http) throws Exception 
        http.cors().and()...
    

来源:https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

但是

如果您使用的是 Tomcat 而不是 SpringBoot 的嵌入式 Tomcat,那么您可能应该在 Tomcat 级别上设置 CORS Set CORS header in Tomcat

【讨论】:

以上是关于我已经允许 @CrossOrigin(origins="*") 注释,但它仍然不起作用。谁能告诉我这里有啥问题?的主要内容,如果未能解决你的问题,请参考以下文章

HTML5 script 标签的 crossorigin 属性到底有啥用

@CrossOrigin(origins = "*" ) 不适用于 Springboot + React 应用程序

即使在使用 @CrossOrigin(origins="*") 注释控制器后,跨域请求也会被阻止?

SpringMVC跨域问题

如何在 Spring 3 中进行 @CrossOrigin 注释?

link标签中的integrity和crossorigin字段