Java include of_java – 当请求的凭据模式为’include’时,响应中的标题不能是通配符’*’...

最新推荐文章于 2023-04-23 11:19:04 发布

weixin_39806413

最新推荐文章于 2023-04-23 11:19:04 发布

阅读量694

点赞数

文章标签： Java include of

本文链接：https://blog.csdn.net/weixin_39806413/article/details/114962539

版权

问题：

您没有正确配置“Access-Control-Allow-Origin”,并且您的当前配置被服务器忽略.

情况：

错误堆栈跟踪说：

The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request’s credentials mode is ‘include’. Origin ‘07000’ is therefore not allowed access.

这意味着除了您不能将“Access-Control-Allow-Origin”设置为通配符“*”之外,您的域“http：// localhost：4200”也不允许访问.

回答你的问题：

How can I resolve this when I’ve already set the allowed origin in the WebSocketConfig to the client domain?

解：

我想你不需要在WebSocketConfig中设置允许的原点,因为它是为了在Web应用程序中配置WebSocket风格的消息传递,如WebSocket Support in Spring documentation所述,您将需要在CORSFilter配置类中进行配置,因为它将用于配置Spring过滤器用于Web应用程序访问.

这是您在CORSFilter.java配置类中需要的：

public class CORSFilter implements Filter {

// This is to be replaced with a list of domains allowed to access the server

//You can include more than one origin here

private final List allowedOrigins = Arrays.asList("http://localhost:4200");

public void destroy() {

}

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

// Lets make sure that we are working with HTTP (that is, against HttpServletRequest and HttpServletResponse objects)

if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {

HttpServletRequest request = (HttpServletRequest) req;

HttpServletResponse response = (HttpServletResponse) res;

// Access-Control-Allow-Origin

String origin = request.getHeader("Origin");

response.setHeader("Access-Control-Allow-Origin", allowedOrigins.contains(origin) ? origin : "");

response.setHeader("Vary", "Origin");

// Access-Control-Max-Age

response.setHeader("Access-Control-Max-Age", "3600");

// Access-Control-Allow-Credentials

response.setHeader("Access-Control-Allow-Credentials", "true");

// Access-Control-Allow-Methods

response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");

// Access-Control-Allow-Headers

response.setHeader("Access-Control-Allow-Headers",

"Origin, X-Requested-With, Content-Type, Accept, " + "X-CSRF-TOKEN");

}

chain.doFilter(req, res);

}

public void init(FilterConfig filterConfig) {

}

你可以看到使用：

private final List allowedOrigins = Arrays.asList("http://localhost:4200");

设置允许访问服务器的域列表.

参考文献：

weixin_39806413

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Java include of_java – 当请求的凭据模式为’include’时,响应中的标题不能是通配符’*’...

问题：您没有正确配置“Access-Control-Allow-Origin”,并且您的当前配置被服务器忽略.情况：错误堆栈跟踪说：The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request’s credentials mode...
复制链接

扫一扫