When allowCredentials is true, allowedOrigins cannot contain the special value “*“ since that cannot

最新推荐文章于 2022-10-19 22:03:39 发布

51xplan

最新推荐文章于 2022-10-19 22:03:39 发布

阅读量564

点赞数

分类专栏： spring系列常见问题文章标签： java spring

本文链接：https://blog.csdn.net/xplan5/article/details/120293015

版权

spring系列常见问题专栏收录该内容

2 篇文章 0 订阅

订阅专栏

springboot + html 项目
后端启动项目之后，前端页面访问，前端页面500，后端报错，核心报错内容如下：

2021-09-14 17:48:49.275  INFO 14196 --- [nio-9000-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2021-09-14 17:48:49.276  INFO 14196 --- [nio-9000-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2021-09-14 17:48:49.277  INFO 14196 --- [nio-9000-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
2021-09-14 17:48:49.296 ERROR 14196 --- [nio-9000-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet]   
 : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed;
  nested exception is java.lang.IllegalArgumentException: 
  When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. 
  To allow credentials to a set of origins, 
  list them explicitly or consider using "allowedOriginPatterns" instead.] with root cause

原因在于 WebMvcConfig 类中使用了 .allowedOrigins("") ，旭替换为 .allowedOriginPatterns("")。
解决方案如下：

原代码如下：

package com.yx.common;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;


/**
 * 解决跨域访问的配置
 */
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
       registry.addMapping("/**")
                .allowCredentials(true)
                .allowedHeaders("Access-Control-Request-Method","Access-Control-Request-Headers","token","Content-Type","X-Requested-With","accept,Origin")
                .allowedMethods("*")
                .allowedOriginPatterns("*");
    }
}

修改后码如下：

package com.yx.common;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;


/**
 * 解决跨域访问的配置
 */
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
			registry.addMapping("/**")
                .allowCredentials(true)
                .allowedHeaders("Access-Control-Request-Method","Access-Control-Request-Headers","token","Content-Type","X-Requested-With","accept,Origin")
//                .allowedMethods("*")
                .allowedOrigins("*")
                .allowedOriginPatterns("*");
    }
}