今天做项目的时候发现跨域一直报错,只有设置allowedOrigins为localhost:8080才能进得去.
无论是用@CrossOrigin注解还是实现WebMvcConfigurer类,哪怕是继承WebMvcConfigurerAdapter类重写addCorsMappings方法,都是不起作用了.
报错:@CrossOrigin 响应中的“Access Control Allow Origin”标头的值不得为通配符“*
This is a part of security, you cannot do that. If you want to allow credentials then your Access-Control-Allow-Origin must not use *. You will have to specify the exact protocol + domain + port. For reference see these questions :
Access-Control-Allow-Origin wildcard subdomains, ports and protocols
Cross Origin Resource Sharing with Credentials
Besides * is too permissive and would defeat use of credentials. So set http://localhost:3000 or http://localhost:8000 as the allow origin header.
这是安全性的一部分,您不