解决Spring Cloud Gateway 2.x跨域时出现重复Origin的BUG

最新推荐文章于 2024-03-20 18:38:15 发布
最新推荐文章于 2024-03-20 18:38:15 发布
阅读量1.4w 收藏 25
点赞数 7
分类专栏: Java Spring Cloud Spring Cloud Gateway 文章标签: Spring Cloud Gateway 2.x 多个Origin 跨域 bug CORS
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/zimou5581/article/details/90043178
版权

版本

Spring Cloud :Greenwich.SR1
Spring Cloud Gateway : 2.1.1.RELEASE

现象

跨域时POST请求body内容为空,报跨域失败错误
原因是Access-Control-Allow-Origin只允许有一个值,而响应头里有多个Origin

The ‘Access-Control-Allow-Origin’ header contains multiple values “*, *”, but only one is allowed.

解决方式

@Configuration
public class CorsConfiguration {

    private static final String ALLOWED_HEADERS = "x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN,token,username,client";
    private static final String ALLOWED_METHODS = "*";
    private static final String ALLOWED_ORIGIN = "*";
    private static final String ALLOWED_EXPOSE = "*";
    private static final String MAX_AGE = "3600";

    @Bean
    public WebFilter corsFilter() {
        return (ServerWebExchange ctx, WebFilterChain chain) -> {
            ServerHttpRequest request = ctx.getRequest();
            if (CorsUtils.isCorsRequest(request)) {
                ServerHttpResponse response = ctx.getResponse();
                HttpHeaders headers = response.getHeaders();
                headers.set("Access-Control-Allow-Origin", ALLOWED_ORIGIN);
                headers.add("Access-Control-Allow-Methods", ALLOWED_METHODS);
                headers.add("Access-Control-Max-Age", MAX_AGE);
                headers.add("Access-Control-Allow-Headers", ALLOWED_HEADERS);
                headers.add("Access-Control-Expose-Headers", ALLOWED_EXPOSE);
                headers.add("Access-Control-Allow-Credentials", "true");
                if (request.getMethod() == HttpMethod.OPTIONS) {
                    response.setStatusCode(HttpStatus.OK);
                    return Mono.empty();
                }
            }
            return chain.filter(ctx);
        };
    }
}


@Component("corsResponseHeaderFilter")
public class CorsResponseHeaderFilter implements GlobalFilter, Ordered {
    
    @Override
    public int getOrder() {
        // 指定此过滤器位于NettyWriteResponseFilter之后
        // 即待处理完响应体后接着处理响应头
        return NettyWriteResponseFilter.WRITE_RESPONSE_FILTER_ORDER + 1;
    }

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        return chain.filter(exchange).then(Mono.defer(() -> {
            exchange.getResponse().getHeaders().entrySet().stream()
                    .filter(kv -> (kv.getValue() != null && kv.getValue().size() > 1))
                    .filter(kv -> (kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)
                            || kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)))
                    .forEach(kv -> {
                        kv.setValue(new ArrayList<String>() {{
                            add(kv.getValue().get(0));
                        }});
                    });

            return chain.filter(exchange);
        }));
    }
}

原因

Spring Cloud Gateway的NettyRoutingFilter源码中有BUG
位于182行:response.getHeaders().putAll(filteredResponseHeaders);
根据github上的issue将在后面几个版本中进行修复
当前版本需要自行解决

既然问题出在过滤器链条上,那么还是用Spring的方式,增加一个过滤器,插入到过滤器链条中。不过,新增的这个过滤器在整个链条上的位置有特殊要求。
当请求经过NettyRoutingFilter处理后,并不会马上响应客户端请求,接下来还有重要的一步要做,那就是处理响应体(ResponseBoby),由NettyWriteResponseFilter这个过滤器来处理,所以,要修复这个问题,就在处理完响应体之后立马再处理重复的跨域请求头就OK了

/*
 * Copyright 2013-2019 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.cloud.gateway.filter;

import java.net.URI;
import java.util.List;

import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.HttpMethod;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
import reactor.netty.NettyPipeline;
import reactor.netty.http.client.HttpClient;
import reactor.netty.http.client.HttpClientResponse;

import org.springframework.beans.factory.ObjectProvider;
import org.springframework.cloud.gateway.config.HttpClientProperties;
import org.springframework.cloud.gateway.filter.headers.HttpHeadersFilter;
import org.springframework.cloud.gateway.filter.headers.HttpHeadersFilter.Type;
import org.springframework.cloud.gateway.support.TimeoutException;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.NettyDataBuffer;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.AbstractServerHttpResponse;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ResponseStatusException;
import org.springframework.web.server.ServerWebExchange;

import static org.springframework.cloud.gateway.filter.headers.HttpHeadersFilter.filterRequest;
import static org.springframework.cloud.gateway.support.ServerWebExchangeUtils.CLIENT_RESPONSE_ATTR;
import static org.springframework.cloud.gateway.support.ServerWebExchangeUtils.CLIENT_RESPONSE_CONN_ATTR;
import static org.springframework.cloud.gateway.support.ServerWebExchangeUtils.CLIENT_RESPONSE_HEADER_NAMES;
import static org.springframework.cloud.gateway.support.ServerWebExchangeUtils.GATEWAY_REQUEST_URL_ATTR;
import static org.springframework.cloud.gateway.support.ServerWebExchangeUtils.ORIGINAL_RESPONSE_CONTENT_TYPE_ATTR;
import static org.springframework.cloud.gateway.support.ServerWebExchangeUtils.PRESERVE_HOST_HEADER_ATTRIBUTE;
import static org.springframework.cloud.gateway.support.ServerWebExchangeUtils.isAlreadyRouted;
import static org.springframework.cloud.gateway.support.ServerWebExchangeUtils.setAlreadyRouted;

/**
 * @author Spencer Gibb
 * @author Biju Kunjummen
 */
public class NettyRoutingFilter implements GlobalFilter, Ordered {

	private final HttpClient httpClient;

	private final ObjectProvider<List<HttpHeadersFilter>> headersFiltersProvider;

	private final HttpClientProperties properties;

	// do not use this headersFilters directly, use getHeadersFilters() instead.
	private volatile List<HttpHeadersFilter> headersFilters;

	public NettyRoutingFilter(HttpClient httpClient,
			ObjectProvider<List<HttpHeadersFilter>> headersFiltersProvider,
			HttpClientProperties properties) {
		this.httpClient = httpClient;
		this.headersFiltersProvider = headersFiltersProvider;
		this.properties = properties;
	}

	public List<HttpHeadersFilter> getHeadersFilters() {
		if (headersFilters == null) {
			headersFilters = headersFiltersProvider.getIfAvailable();
		}
		return headersFilters;
	}

	@Override
	public int getOrder() {
		return Ordered.LOWEST_PRECEDENCE;
	}

	@Override
	@SuppressWarnings("Duplicates")
	public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
		URI requestUrl = exchange.getRequiredAttribute(GATEWAY_REQUEST_URL_ATTR);

		String scheme = requestUrl.getScheme();
		if (isAlreadyRouted(exchange)
				|| (!"http".equals(scheme) && !"https".equals(scheme))) {
			return chain.filter(exchange);
		}
		setAlreadyRouted(exchange);

		ServerHttpRequest request = exchange.getRequest();

		final HttpMethod method = HttpMethod.valueOf(request.getMethodValue());
		final String url = requestUrl.toString();

		HttpHeaders filtered = filterRequest(getHeadersFilters(), exchange);

		final DefaultHttpHeaders httpHeaders = new DefaultHttpHeaders();
		filtered.forEach(httpHeaders::set);

		String transferEncoding = request.getHeaders()
				.getFirst(HttpHeaders.TRANSFER_ENCODING);
		boolean chunkedTransfer = "chunked".equalsIgnoreCase(transferEncoding);

		boolean preserveHost = exchange
				.getAttributeOrDefault(PRESERVE_HOST_HEADER_ATTRIBUTE, false);

		Flux<HttpClientResponse> responseFlux = this.httpClient
				.chunkedTransfer(chunkedTransfer).request(method).uri(url)
				.send((req, nettyOutbound) -> {
					req.headers(httpHeaders);

					if (preserveHost) {
						String host = request.getHeaders().getFirst(HttpHeaders.HOST);
						req.header(HttpHeaders.HOST, host);
					}
					return nettyOutbound.options(NettyPipeline.SendOptions::flushOnEach)
							.send(request.getBody()
									.map(dataBuffer -> ((NettyDataBuffer) dataBuffer)
											.getNativeBuffer()));
				}).responseConnection((res, connection) -> {
					ServerHttpResponse response = exchange.getResponse();
					// put headers and status so filters can modify the response
					HttpHeaders headers = new HttpHeaders();

					res.responseHeaders().forEach(
							entry -> headers.add(entry.getKey(), entry.getValue()));

					String contentTypeValue = headers.getFirst(HttpHeaders.CONTENT_TYPE);
					if (StringUtils.hasLength(contentTypeValue)) {
						exchange.getAttributes().put(ORIGINAL_RESPONSE_CONTENT_TYPE_ATTR,
								contentTypeValue);
					}

					HttpStatus status = HttpStatus.resolve(res.status().code());
					if (status != null) {
						response.setStatusCode(status);
					}
					else if (response instanceof AbstractServerHttpResponse) {
						// https://jira.spring.io/browse/SPR-16748
						((AbstractServerHttpResponse) response)
								.setStatusCodeValue(res.status().code());
					}
					else {
						throw new IllegalStateException(
								"Unable to set status code on response: "
										+ res.status().code() + ", "
										+ response.getClass());
					}

					// make sure headers filters run after setting status so it is
					// available in response
					HttpHeaders filteredResponseHeaders = HttpHeadersFilter.filter(
							getHeadersFilters(), headers, exchange, Type.RESPONSE);

					if (!filteredResponseHeaders
							.containsKey(HttpHeaders.TRANSFER_ENCODING)
							&& filteredResponseHeaders
									.containsKey(HttpHeaders.CONTENT_LENGTH)) {
						// It is not valid to have both the transfer-encoding header and
						// the content-length header
						// remove the transfer-encoding header in the response if the
						// content-length header is presen
						response.getHeaders().remove(HttpHeaders.TRANSFER_ENCODING);
					}

					exchange.getAttributes().put(CLIENT_RESPONSE_HEADER_NAMES,
							filteredResponseHeaders.keySet());

					response.getHeaders().putAll(filteredResponseHeaders);

					// Defer committing the response until all route filters have run
					// Put client response as ServerWebExchange attribute and write
					// response later NettyWriteResponseFilter
					exchange.getAttributes().put(CLIENT_RESPONSE_ATTR, res);
					exchange.getAttributes().put(CLIENT_RESPONSE_CONN_ATTR, connection);

					return Mono.just(res);
				});

		if (properties.getResponseTimeout() != null) {
			responseFlux = responseFlux.timeout(properties.getResponseTimeout(),
					Mono.error(new TimeoutException("Response took longer than timeout: "
							+ properties.getResponseTimeout())))
					.onErrorMap(TimeoutException.class,
							th -> new ResponseStatusException(HttpStatus.GATEWAY_TIMEOUT,
									th.getMessage(), th));
		}

		return responseFlux.then(chain.filter(exchange));
	}

}

参考文章:
Doubled CORS headers after upgrade to Greenwich #728
Dedupe response header filter #866
Spring Cloud Gateway 2.x 跨域出现“Multiple CORS header”的问题解决

持盾的紫眸
关注
  • 7
    点赞
  • 25
    收藏
    觉得还不错? 一键收藏
  • 8
    评论
专栏目录
spring cloud gateway跨域实现
06-10
spring cloud gateway是一个spring提供的用于构建网关的子项目,文档内容主要是实现网关跨域
Spring Boot 2.X、Spring CloudSpring Cloud Alibaba、Dubbo、分布式.zip
10-14
Spring Boot 专栏 基于 Spring Boot 2.X 版本的深度入门教程。 市面上的 Spring Boot 基础入门文章很多,但是深度入门文章却很少。对于很多开发者来说,入门即是其对某个技术栈的最终理解,一方面是开发者“比较懒”,另一方面是文章作者把 Spring Boot 入门写的太浅,又或者不够全面。 因此,开始了这个 Spring Boot 专栏,一个深度且全面的 Spring Boot 2.X 入门。 在带你快速学会 SpringMVC API 接口的编写的同,我还想告诉你还有全局返回、全局异常、拦截器、跨域处理等等功能。 在带你快速学会 MQ 消息的发送与消费的同,我还想告诉你 MQ 还有集群消费、广播消费、顺序消息、定消息、事务消息、消费重试等等特性。 在带你快速学会 Job 任务的编写的同,我还想告诉你还有 Quartz 单体、Quartz 集群、XXL-JOB 等等企业使用更多的调度平台。 ... 让我们一起愉快的挖坑,挖深坑,哇哈哈。
504 GATEWAY_TIMEOUT \“Response took longer than timeout:PTxxx问题处理
最新发布
weixin_39945506的博客
03-20 512
spring cloub项目通过访问服务的http接口偶尔会出现“504 GATEWAY_TIMEOUT "Response took longer than timeout:PTxxx”的异常。通过测试发现是服务的接口还未返回结果gateway就以几个返回了异常,判断出是gateway的HTTP接口的responseTimeout配置原因。response-timeout必须指定为java.time.Duration。connect-timeout必须以毫秒为单位指定。
SpringCloud Gateway跨域配置代码实例
08-25
主要介绍了SpringCloud Gateway跨域配置代码实例,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
Spring Boot 2.X优雅的解决跨域问题
08-26
主要给大家介绍了关于Spring Boot 2.X如何优雅的解决跨域问题的相关资料,文中通过示例代码介绍的非常详细,对大家学习或者使用Spring Boot 2.X具有一定的参考学习价值,需要的朋友们下面来一起学习学习吧
spring cloud gateway请求跨域问题解决方案
08-25
主要介绍了spring cloud gateway请求跨域问题解决方案,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
跨域问题详解(1-跨域解释以及解决办法;2-整合nginx重复配置跨域导致 ‘Access-Control-Allow-Origin‘ contains multiple values)
a1290320893的博客
12-31 6548
问题一:No ‘Access-Control-Allow-Origin’ header is present on the requested resource. 跨域:在当前页面想要访问其他页面,主要端口、ip、协议有一个不一样就会被定义为跨域; 例如: 在前后端分离的项目中,一个熟悉的场景:前端页面发送ajax请求给后端,后端返回json数据,前端拿到返回的数据进行响应的页面跳转以及数据的展示; 前端:http://front.smile.com:5500/login.html;页面发送ajax请求,给
解决Spring Cloud Zuul跨域出现重复Access-Control-Allow-Origin或者Access-Control-Allow-Credentials
yang_yzl11的博客
10-31 3935
前端报错: XMLHttpRequest cannot load http://localhost:8080/serviceA/api/serviceA/1337?cacheBuster=1470925389167. The Access-Control-Allow-Origin header contains multiple values 'http://localhost:3000, http://localhost:3000', but only one is allowed. Origin
跨域冲突问题解决
weixin_41827053的博客
07-28 2018
nginx 跨域处理
解决跨域origin重复问题(未使用nginx): Allow-Origin header contains multiple values... but only one is allowed
Hello_ZhangCL的博客
05-11 6880
记录一次独立解决问题经历: Gateway跨域, 出现allowed origin重复问题: The ‘Access-Control-Allow-Origin’ header contains multiple values. 关键在于并未像很多网友那样是nginx重复配置的情况! 经过查阅资料启发, 回到官网找到官方文档给出的方案.
spring cloud实现前端跨域问题的解决方案
08-28
主要介绍了 spring cloud实现前端跨域问题的解决方案,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
Spring Cloud Gateway 处理重复Header的方法(CORS policy: The ‘Access-Control-Allow-Origin‘ header has a……
小单的博客专栏
08-30 6983
问题现状 首先发现问题的原始点是浏览器进行 ajax 请求的出现跨域问题,经查看请求报文和错误确定是 Access-Control-Allow-Origin 出现多个值(浏览器目前是不允许的),其原因是是在 gateway 中配置过了 Access-Control-Allow-Origin,后端服务的开发人员也配置了 Access-Control-Allow-Origin,导致 response 在响应的Access-Control-Allow-Origin 出现多个值(不管两个值相同还是不同
gateway配置跨域出现响应头重复问题The ‘Access-Control-Allow-Origin‘ header contains multiple values ‘*, *‘, but on
qq_53861063的博客
10-23 2890
使用gateway做请求转发,响应标头重复问题Access to XMLHttpRequest at 'http://localhost:xxxx' http://localhost:xxxx' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed
spring cloud 框架 网关服务忽略跨域的几点记载
杨鑫的博客
10-26 168
spring cloud 框架 网关忽略 首先,网关服务的路由拦截器添加跨域的拦截 private static final String ALLOWED_HEADERS = "access-control-allow-origin,x-requested-with,httpkey,istoken,tenant_id,authorization, Content-Type, Author...
spring cloud gatewayThe ‘Access-Control-Allow-Origin’ header contains multiple values “*, null”
才子佳人的博客
11-12 1861
spring cloud gateway网关中加入了跨域支持,但是报了: The ‘Access-Control-Allow-Origin’ header contains multiple values “*, ”, but only one is allowed. 错误显示设置了两次Access-Control-Allow-Origin:,但我的代码我确定只设置了一次,怀疑是哪出了问题,找了一上午问题,百度到说是gatewaybug 我的版本: spring cloud gateway:2.1.2
gateway网关导致多重跨域问题The ‘Access-Control-Allow-Origin‘ header contains multiple values
小码蚁
03-01 2566
不要出现重复解决跨域问题
Nginx配置跨域请求Access-Control-Allow-Origin
qq_57252848的博客
10-08 2889
可以在nginx完成配置,允许多个域名跨域请求该服务端口。
spring.cloud.gateway 跨域问题
08-18
对于Spring Cloud Gateway跨域问题,你可以通过以下步骤解决: 1. 在你的Spring Cloud Gateway项目中,创建一个全局的跨域配置类,比如命名为CorsConfig。 2. 在CorsConfig类上添加注解`@Configuration`,使其成为一个配置类。 3. 在CorsConfig类中添加一个方法来配置跨域规则,比如命名为addCorsMappings。 4. 在addCorsMappings方法上添加注解`@Bean`,使其成为一个Bean。 5. 在addCorsMappings方法中使用CorsRegistry对象来配置跨域规则。例如: ```java @Configuration public class CorsConfig { @Bean public WebFluxConfigurer corsConfigurer() { return new WebFluxConfigurer() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOrigins("*") .allowedMethods("*") .allowedHeaders("*") .exposedHeaders("Authorization") .allowCredentials(true) .maxAge(3600); } }; } } ``` 在上述示例中,通过调用CorsRegistry对象的addMapping方法来添加跨域规则。其中,allowedOrigins设置允许的源(域)地址,allowedMethods设置允许的HTTP方法,allowedHeaders设置允许的请求头,exposedHeaders设置允许暴露的响应头,allowCredentials设置是否允许发送cookie信息,maxAge设置预检请求的缓存间。 这样配置后,Spring Cloud Gateway就会支持跨域请求了。注意,如果你使用的是WebFlux框架,需要返回WebFluxConfigurer对象并重写addCorsMappings方法;如果使用的是WebMvc框架,则需要返回WebMvcConfigurer对象并重写addCorsMappings方法。 希望以上信息对你有所帮助!如有更多问题,请继续提问。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 8
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值