问题:
您没有正确配置“Access-Control-Allow-Origin”,并且您的当前配置被服务器忽略.
情况:
错误堆栈跟踪说:
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request’s credentials mode is ‘include’. Origin ‘07000’ is therefore not allowed access.
这意味着除了您不能将“Access-Control-Allow-Origin”设置为通配符“*”之外,您的域“http:// localhost:4200”也不允许访问.
回答你的问题:
How can I resolve this when I’ve already set the allowed origin in the WebSocketConfig to the client domain?
解:
我想你不需要在WebSocketConfig中设置允许的原点,因为它是为了在Web应用程序中配置WebSocket风格的消息传递,如WebSocket Support in Spring documentation所述,您将需要在CORSFilter配置类中进行配置,因为它将用于配置Spring过滤器用于Web应用程序访问.
这是您在CORSFilter.java配置类中需要的:
public class CORSFilter implements Filter {
// This is to be replaced with a list of domains allowed to access the server
//You can include more than one origin here
private final List allowedOrigins = Arrays.asList("http://localhost:4200");
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
// Lets make sure that we are working with HTTP (that is, against HttpServletRequest and HttpServletResponse objects)
if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
// Access-Control-Allow-Origin
String origin = request.getHeader("Origin");
response.setHeader("Access-Control-Allow-Origin", allowedOrigins.contains(origin) ? origin : "");
response.setHeader("Vary", "Origin");
// Access-Control-Max-Age
response.setHeader("Access-Control-Max-Age", "3600");
// Access-Control-Allow-Credentials
response.setHeader("Access-Control-Allow-Credentials", "true");
// Access-Control-Allow-Methods
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
// Access-Control-Allow-Headers
response.setHeader("Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept, " + "X-CSRF-TOKEN");
}
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {
}
}
你可以看到使用:
private final List allowedOrigins = Arrays.asList("http://localhost:4200");
设置允许访问服务器的域列表.
参考文献: