org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the header value "mes=ä½ æ¥è¿äº; Hm_lvt_4a1d36386e8734a5fd29acec9114818d=1645955855,1646027653,1646028677,1646104701; Hm_lvt_afd2ae44e23648da4e8a81a7b1349be4=1645955855,1646027653,1646028677,1646104701; Idea-4773dca=d5523d01-c201-46cc-baf1-41f2f2dcc9c9; JSESSIONID=A71CB3CEF90F0E7425FB1765D7F28611" is not allowed.
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest.validateAllowedHeaderValue(StrictHttpFirewall.java:739)
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest.access$000(StrictHttpFirewall.java:605)
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest$1.nextElement(StrictHttpFirewall.java:647)
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest$1.nextElement(StrictHttpFirewall.java:637)
at org.springframework.http.server.ServletServerHttpRequest.getHeaders(ServletServerHttpRequest.java:148)
at org.springframework.web.cors.DefaultCorsProcessor.handleInternal(DefaultCorsProcessor.java:115)
一开始遇到这个问题以为是url路径问题,或者是乱码问题。随后对路径进行检查发现没有其他码友说//路径问题;接着就排查乱码,把idea的所有语言全部设置成UTF-8还是没有解决,最后发现是浏览器的编码不一致,最初是用的火狐,后来用谷歌就好了,两个浏览器的编码不同导致spring.security报错。