我已经允许 @CrossOrigin(origins="*") 注释,但它仍然不起作用。谁能告诉我这里有啥问题?
Posted
技术标签:
【中文标题】我已经允许 @CrossOrigin(origins="*") 注释,但它仍然不起作用。谁能告诉我这里有啥问题?【英文标题】:I have allowed @CrossOrigin(origins="*") annotation but it still doesnot work. Can anybody tell me what is wrong here?我已经允许 @CrossOrigin(origins="*") 注释,但它仍然不起作用。谁能告诉我这里有什么问题? 【发布时间】:2020-08-26 01:22:57 【问题描述】:从源“http://localhost:4200”访问“http://localhost:8084/Restaurent_Management/rest/admin/search/1001”处的 XMLHttpRequest 已被 CORS 策略阻止:对预检请求的响应未通过访问控制检查:没有“Access-Control-Allow-Origin”标头出现在请求的资源上。
我在前端使用 Angular,在后端使用 java。
这是我的控制器
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import com.cg.rm.entities.Admin;
import com.cg.rm.service.AdminService;
import com.cg.rm.service.CustomerService;
import com.cg.rm.entities.Customer;
@RestController
@CrossOrigin(origins = "*") //This is not working
public class RestaurentController
@Autowired
CustomerService customerService;
@Autowired
AdminService adminService;
@RequestMapping(value ="/admin/search/id",headers="Accept=application/json",method = RequestMethod.GET)
public Admin searchAdmin(@PathVariable("id") int id)
System.out.println("In search");
return adminService.searchAdmin(id);
@RequestMapping(value = "/customer",method = RequestMethod.GET,headers="Accept=application/json")
public List<Customer> getAllCustomer(Model model)
return customerService.getAllCustomer();
@RequestMapping(value = "/customer/delete/id",
headers="Accept=application/json",method = RequestMethod.DELETE)
public List<Customer> deleteEmployee(@PathVariable("id") int id)
System.out.println(id);
customerService.deleteCustomer(id);
return customerService.getAllCustomer();
@RequestMapping(value ="/customer/create/",consumes = MediaType.APPLICATION_JSON_VALUE,headers="Accept=application/json",method = RequestMethod.POST)
public List<Customer> createCustomer(@RequestBody Customer cust)
System.out.println("hiiii");
System.out.println(cust);
customerService.addCustomer(cust);
return customerService.getAllCustomer();
@RequestMapping(value ="/customer/search/id",headers="Accept=application/json",method = RequestMethod.GET)
public Customer searchCustomer(@PathVariable("id") int id)
System.out.println("In search");
return customerService.searchCustomer(id);
@RequestMapping(value ="/customer/update/",consumes = MediaType.APPLICATION_JSON_VALUE,headers="Accept=application/json",method = RequestMethod.PUT)
public List<Customer> updateCustomer(@RequestBody Customer cust)
System.out.println("Update");
System.out.println(cust);
customerService.updateCustomer(cust);
return customerService.getAllCustomer();
这是调度程序 servlet
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<!-- To enable Spring Components -->
<context:component-scan base-package="com.cg.rm" />
<!-- Mapping for Spring ViewResolver -->
<mvc:annotation-driven/>
</beans>
【问题讨论】:
您的路径以rest
开头。路径设置在哪里?它应该在 Controller 类中为 @RequestMapping(value = "/rest")
【参考方案1】:
如果您使用的是 Spring Security,请记住在 Spring Security 级别启用 CORS
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
@Override
protected void configure(HttpSecurity http) throws Exception
http.cors().and()...
来源:https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
但是
如果您使用的是 Tomcat 而不是 SpringBoot 的嵌入式 Tomcat,那么您可能应该在 Tomcat 级别上设置 CORS Set CORS header in Tomcat
【讨论】:
以上是关于我已经允许 @CrossOrigin(origins="*") 注释,但它仍然不起作用。谁能告诉我这里有啥问题?的主要内容,如果未能解决你的问题,请参考以下文章
HTML5 script 标签的 crossorigin 属性到底有啥用
@CrossOrigin(origins = "*" ) 不适用于 Springboot + React 应用程序
即使在使用 @CrossOrigin(origins="*") 注释控制器后,跨域请求也会被阻止?