Access to XMLHttpRequest at 'http://localhost:7070/part04/books/' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
出现403,Forbidden,这个是因为你开启了CSRF保护,关闭即可、
在
config包下,继承WebSecurityConfigurerAdapter
方法中追加http.csrf().disable();关闭CSRF保护即可。
太坑了,话不多说上代码:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/swagger-ui/**").permitAll()
.antMatchers("/v3/api-docs/**").permitAll()
.antMatchers("/vue/**").permitAll()
.anyRequest().authenticated();
.and().csrf().disable();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}