解决Request header field XXX is not allowed by access-control-allow-headers in preflight response

已于 2022-08-24 13:11:42 修改
阅读量1w 收藏 8
点赞数 4
分类专栏: java 文章标签: java 开发语言
于 2022-08-24 11:59:27 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/HO1_K/article/details/126501541
版权

问题

Access to XMLHttpRequest at ‘http://B.com/path/a’ from origin ‘http://A.com’ has been blocked by CORS policy: Request header field AC-User-Agent is not allowed by Access-Control-Allow-Headers in preflight response.

在这里插入图片描述



产生原因

前后端分离项目,由于老版本项目没有接入网关和微服务,因此需要通过域名加接口地址的方式来直接访问,因此出现以下情况:

网站主域名是A.com,老接口服务的域名是B.com。
在调用老接口服务时,要求前端在header里必须加上AC-User-Agent字段,用于实现老接口业务
在这种情况下,前端在A.com网站上调用B.com,由此产生上述问题



解决方法

由于是跨域调用B.com接口时,未允许使用请求头AC-User-Agent(Request header field AC-User-Agent is not allowed by Access-Control-Allow-Headers),因此需要在B.com的Java代码里面新建一个过滤器,在过滤器中设置AC-User-Agent为合法请求头

@WebFilter("/*")
public class CorsFilter implements Filter {

	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
	}

	@Override
	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {

		HttpServletResponse resp = (HttpServletResponse) servletResponse;
		HttpServletRequest req = (HttpServletRequest) servletRequest;

		String origin = req.getHeader("Origin");
		resp.setHeader("Access-Control-Allow-Origin", origin);
		resp.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
		resp.setHeader("Access-Control-Allow-Headers", "AC-User-Agent, token, content-type");
		resp.setHeader("Access-Control-Allow-Credentials", "true");
		filterChain.doFilter(servletRequest, servletResponse);
	}

	@Override
	public void destroy() {
	}
}
涝山道士
关注
专栏目录
解决Request header field token is not allowed by Access-Control-Allow-Headers in
是日已过,命亦随减的博客
09-28 4586
在入口文件index.php中添加 header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, OPTIONS, DELETE'); header('Access-Control-Allow-Headers: *'); 其他添加过的地方全部删除,否则会重复。 如果以这种方式添加则不会生效: $header['Access-Control-Allow-Origin
OPTIONS预检请求及跨域问题(解决Request header field XXX is not allowed by Access-Control-Allow-Headers)
See_Csdn_的博客
10-24 2430
什么是OPTIONS请求 HTTP 的 OPTIONS 方法 用于获取目的资源所支持的通信选项。客户端可以对特定的 URL 使用 OPTIONS 方法,也可以对整站(通过将 URL 设置为“*”)使用该方法。 后端设置请求预处理: log.info("浏览器的请求预处理"); //服务端设置同意任意跨源请求 httpServletResponse.setHeader("Access-Control-Allow-Origin", "*"); //服务端设置支持或允许的请求方式 httpServletR
Java Web 跨域设置
qq_37377082的博客
12-03 321
设置全局过滤器 import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * 跨域配置 * @author lijinghua */ @WebFilter(urlPatterns = {"/*"}) public class CorsFilter implements
Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflig问题解决
阿牛哥的博客
10-18 3098
Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflig问题解决
Jeecms跨域 Request header field is not allowed by Access-Control-Allow-Headers in preflight response
tabvla的博客
03-17 1090
Jeecms框架,前后端分离二次开发,前端跨域报错Request header field is not allowed by Access-Control-Allow-Headers in preflight response
跨域问题:Request header field token is not allowed by Access-Control-Allow-Headers in preflight response
小筱在线博客
05-23 4206
Access to XMLHttpRequest at 'http://xxxx' from origin 'http://yyyy has been blocked by CORS policy: Request header field token is not allowed by Access-Control-Allow-Headers in preflight response
解决Request header field bb is not allowed by Access-Control-Allow-Headers in preflight response.】问题
CSDNwangjinwei的博客
06-06 849
请求报头字段在响应中不被Access-Control-Allow-Headers允许,导致出现跨域导致。设置请求头,解决跨域问题。
使用axios的post出现Request header field content-type is not allowed by Access-Control-Allow-Headers问题
Maple_Night的博客
04-20 516
欢迎使用Markdown编辑器 你好! 这是你第一次使用 Markdown编辑器 所展示的欢迎页。如果你想学习如何使用Markdown编辑器, 可以仔细阅读这篇文章,了解一下Markdown的基本语法知识。 新的改变 我们对Markdown编辑器进行了一些功能拓展与语法支持,除了标准的Markdown编辑器功能,我们增加了如下几点新功能,帮助你用它写博客: 全新的界面设计 ,将会带来全新的写作体验; 在创作中心设置你喜爱的代码高亮样式,Markdown 将代码片显示选择的高亮样式 进行展示; 增加了 图片
has been blocked by CORS policy: Request header field tyyhtoken is not allowed by Access-Control-Allow-Headers in preflight response.
09-28
"has been blocked by CORS policy: Request header field tyyhtoken is not allowed by Access-Control-Allow-Headers in preflight response." 表示在发送跨域请求时,服务端不允许请求头中包含名为 "tyyhtoken" ...
Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
09-20
Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response. 是一个错误信息,它表明在预检请求的响应中不允许使用access-control-allow-origin这个...
CROS 预检请求 异常解决方法 authorization is not allowed by Access-Control-Allow-Headers in preflight response
最新发布
05-30 487
CROS 预检请求 异常解决方法 has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
Request header field * is not allowed by Access-Control-Allow-Headers in preflight response问题解决
古柏树下的博客
06-13 3万+
跨域问题 报错信息为:Failed to load http://localhost:8080/jfly.openapi/produce/listMachFeedingBoard/v1: Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response. ...
Request header field userRole is not allowed by Access-Control-Allow-Headers in preflight response.
奔跑的痕迹的博客
03-06 568
使用一个axios 遇到同事设置的请求头在我请求的接口中部被允许 最后使用transformRequest 干掉其他的key axios.get('https://www.baidu.com',{ transformRequest :[ (data, headers) => { delete heade...
blocked by CORS policy: Request header field token is not allowed by Access-Control-Allow-Headers in
Ggome的博客
05-11 5827
原因跨域设置没有设置token名称,将token加入请求跨域请求头里面即可。
Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight res
Miss Dan的博客
12-25 6047
一、问题: 跨域请求中包含自定义header字段时,浏览器console报错。 Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response 二、原因: 包含自定义header字段的跨域请求,浏览器会先向服务器发送OPTIONS请求,探测该服务器是...
Request header field xxxx is not allowed by Access-Control-Allow-Headers in preflight response问题
weixin_45203607的博客
06-08 4683
这是因为目标服务不允许在请求头中加 x-run-as 这个第一种,前端请时候将请求头中的 x-run-as 这个去掉第二种,后端跨域配置中的请求头中添加这个key
Request header field Content-Type is not allowed by Access-Control-Allow-Headers
热门推荐
xuedapeng的博客
01-16 8万+
一、问题: 跨域请求中包含自定义header字段时,浏览器console报错。 Request header field xfilesize is not allowed by Access-Control-Allow-Headers 二、原因: 包含自定义header字段的跨域请求,浏览器会先向服务器发送OPTIONS请求,探测该服务器是否允许自定义的跨域字段。 如果允许,则继
Request header field token is not allowed by Access-Control-Allow-Headers in preflight response.
八佾舞于庭
11-07 3745
报错 Request header field token is not allowed by Access-Control-Allow-Headers in preflight response. 报文: 后台配置修改header为*,解决当前报错。 
Request header field xxx is not allowed by Access-Control-Allow-Headers in preflight respon
MAIMIHO的博客
07-27 764
调试时发现低版本的WebView无法请求跨域接口 请求信息如下: Request Method:OPTIONS Status Code:200 OK Access-Control-Allow-Headers:* Access-Control-Allow-Methods:POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin:* 已经设置了 Access-Control-Allow-Headers:* 但是 WebView 依然报错 Requ
Request header field retoken is not allowed by Access-Control-Allow-Headers in preflight response.
07-27
这个错误是由于CORS策略引起的。CORS(跨域资源共享)是一种浏览器安全机制,用于限制跨域请求。当浏览器发起跨域请求时,会先发送一个预检请求(preflight request)来检查服务器是否允许该请求。预检请求中会包含一些自定义的请求头,如token、AC-User-Agent等。服务器需要在响应的请求头中设置Access-Control-Allow-Headers来允许这些自定义请求头。 根据引用\[1\]和引用\[2\]的错误信息,可以看出服务器没有正确设置Access-Control-Allow-Headers来允许token和AC-User-Agent这两个自定义请求头。根据引用\[3\]的经验,可以尝试在服务端过滤器的Response响应的请求头中设置Access-Control-Allow-Headers为'token,content-type'来允许这两个请求头。这样就可以解决"Request header field retoken is not allowed by Access-Control-Allow-Headers in preflight response"的问题了。 #### 引用[.reference_title] - *1* *3* [Request header field token is not allowed by Access-Control-Allow-Headers in preflight response](https://blog.csdn.net/fuzhongbin/article/details/106239664)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^koosearch_v1,239^v3^insert_chatgpt"}} ] [.reference_item] - *2* [解决Request header field XXX is not allowed by access-control-allow-headers in preflight response](https://blog.csdn.net/HO1_K/article/details/126501541)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^koosearch_v1,239^v3^insert_chatgpt"}} ] [.reference_item] [ .reference_list ]
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值