Access to XMLHttpRequest at ‘http://xxxx‘ from origin ‘http://xxxx‘ has been blocked by CORS policy

已于 2022-03-05 11:22:27 修改
阅读量10w+ 收藏 102
点赞数 44
分类专栏: 报错快速处理 文章标签: java http web
于 2020-10-30 20:52:53 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/zwq56693/article/details/109392721
版权

解决CORS跨域问题

  • 今天做前后端分离的项目时, 前端向后台发送请求发现报错: Access to XMLHttpRequest at ‘http://localhost:8082/doLogin’ from origin ‘http://localhost:8080’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
  • 问题分析: 从报错信息可以知道是由于CORS(Cross-origin resource sharing)所致
  • 解决方案

    1. SpringBoot项目解决方案

      /**
 * 解决异步访问跨域
 */
@Configuration
public class CorsConfig implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        //本应用的所有方法都会去处理跨域请求
        registry.addMapping("/**")
                //允许远端访问的域名
                .allowedOrigins("http://localhost:8080")
                //允许请求的方法("POST", "GET", "PUT", "OPTIONS", "DELETE")
                .allowedMethods("*")
                //允许请求头
                .allowedHeaders("*");
    }
}

    2. SpringBoot+Spring Security项目解决方案(在以上代码的基础上)

      protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
        ...
        .cors()
        .and()
        ...
}

    3. Vue-cli前端解决(新建vue.config.js并在main.js中引入)

      const proxyObj = {}
proxyObj['/'] = {
  target: 'http://localhost:8085',
  changeOrigin: true,
  pathRewrite: {
    '^/': ''
  }
}
module.exports = {
  devServer: {
    host: 'localhost',
    port: 8080,
    proxy: proxyObj
  }
}

    4. 实在不行就在后端发起请求

延伸拓展

  1. 同源策略:
    1. 概念: 要求协议、域名以及端口要相同,才能进行请求和响应
    2. 作用: 网络请求更安全, 并且所有支持JavaScript的浏览器都支持的安全策略
  2. 如果不支持可能造成的问题
    1. 不良分子会利用登录时用户的信息进行不当操作
    2. 举例: 点击恶意链接中包含<img src="http://xxx.com/pay?xxx=xx"> , 就会把自己的重要信息泄漏.
三人行 | Dylen
关注
专栏目录
Access to XMLHttpRequest at ‘file:///D:/xx/xxx.json‘ from origin ‘null‘ has been blocked by CORS问题解决
oscar999的专栏
04-12 9938
在浏览器打开本地的html文件, 上面proxy中的url获取的就是一个本地文件, 协议是file://,如果是在服务器启动的话,则使用的是http或者https协议。 出于安全性考虑, Chrome默认禁止了这种用法,file协议和http/https协议不同,会被Chrome认为是跨域访问,所以会报被CORS(Cross-Origin Resource Sharing,跨域资源共享)的安全策略阻止。
Access to XMLHttpRequest at ‘httpxxxx‘ from originhttpxxxx‘ has been blocked by CORS policy
澎湖Java架构师的博客
02-26 3134
解决CORS跨域问题 今天做前后端分离的项目时, 前端向后台发送请求发现报错: Access to XMLHttpRequest at ‘http://localhost:8082/doLogin’ from originhttp://localhost:8080’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Al
Access to XMLHttpRequest at ... from origin ... has ben blocked by CORS policy‘vue中的跨域问题解决办法
Aphea的博客
10-05 1857
用vue做的前端,当通过axios通信时,直接报错,且无返回码 目的url是http协议,通过测试发现,get其他https协议的url能够成功,初步判断是协议的问题,即跨域 解决办法: 在vue.config.js中修改为 module.exports = { devServer: { proxy: { '/api': { // 此处的写法,目的是为了 将 /api 替换成 https://www.baidu.com/
控制台报错Access to XMLHttpRequest at ‘http://‘ from originhttp://‘ has been blocked by CORS policy
lph159的博客
03-21 6055
期初我是在写前端代码进行调试,其中用到了axios,打开控制台一直在报上面的错误,以为是跨域的问题,所以一直针对跨域问题进行调试,但是还是解决不了,后来发现我的前端代码有些小错误,axios的method后面是没有s的(我写成了methods),修正之后还是解决不了。在解决跨域问题的时候引入了一些其他依赖,我把依赖去除,问题解决了...绷不住了啊。依赖添加多了会出问题,我针对跨域去解决问题的时候,添加了如下依赖,导致控制台出错。axios的method不带s,所以一定要细心。这个问题,纠缠了我很久。
解决“Access to XMLHttpRequest at ‘XXX’ from originhttp://localhost’ has been blocked by CORS policy
最新发布
qq_34419312的博客
08-23 4085
解决“Access to XMLHttpRequest at ‘XXX’ from originhttp://localhost’ has been blocked by CORS policy
前端学习(2442):解决跨域问题
歌谣的博客
10-20 1549
1.同源策略如下: URL 说明 是否允许通信 http://www.a.com/a.js http://www.a.com/b.js 同一域名下 允许 http://www.a.com/lab/a.js http://www.a.com/script/b.js 同一域名下不同文件夹 允许 http://www.a.com:8000/a.js http://www.a.com/b.js 同一域名,不同端口 不允许 http:
Access to XMLHttpRequest at ‘http://xx‘ from originhttp://xx‘ has been blocked by CORS policy:
记录知识、锤炼自我
09-30 6万+
问题场景 错误信息: Access to XMLHttpRequest at 'http://localhost:9090' from origin 'http://localhost:9090' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 翻译:【在http://localhost:9090对http://localhos
Access to XMLHttpRequest at ‘xx‘ from origin ‘xx‘ has been blocked by CORS policy
xiao_sa_ge的博客
03-22 2053
Access to XMLHttpRequest at '接口地址和参数' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.可能是接口报错。
Access to XMLHttpRequest at ‘http://xxx‘ from originhttp://xxx‘ has been blocked by CORS policy:
Dove的博客
10-29 3739
Access to XMLHttpRequest at 'http://xxx' from origin 'http://xxx'has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 出现这个问题是axios的跨域问题。 既然不能直接访问,那么我们就可以设置代理。服务器之间请求数据,是没有跨域的。就可以配置一个代理服务器请求另一个服务器中
Access to XMLHttpRequest at ‘http://localhost:xxxx
zzvar的博客
07-01 3119
1. 报错信息如下 进行跨域请求时报错,报错信息如下: Download the Vue Devtools extension for a better development experience: https://github.com/vuejs/vue-devtools vue.js:9064 You are running Vue in development mode. Make sure to turn on production mode when deploying for product
Access to XMLHttpRequest at ‘fileDxxxxx.json‘ from origin ‘null‘ has been blocked by CORS问题解决
begefefsef的博客
08-01 5010
出于安全性考虑,Chrome默认禁止了这种用法,file协议和http/https协议不同,会被Chrome认为是跨域访问,所以会报被CORS(Cross-OriginResourceSharing,跨域资源共享)的安全策略阻止。在该文件源码中,使用了proxy获取数据,数据源使用的是文件名为mydata.json的文件。在浏览器打开本地的html文件,上面proxy中的url获取的就是一个本地文件,协议是file//,如果是在服务器启动的话,则使用的是http或者https协议。...
网页端报错Access to XMLHttpRequest‘*‘from origin ‘*‘ has been blocked by CORS..Access-Control-Allow-Origi
qq_51553762的博客
12-13 3980
Tomcat需要在MyEclipse中重新部署。可能的原因是Tomcat被占用
跨域问题Access to XMLHttpRequest‘*‘from origin ‘*‘ has been blocked by CORS..Access-Control-Allow-Origin
热门推荐
胡老汉的博客
03-02 33万+
跨域问题解决方案:CORS Access to XMLHttpRequest at '*' from origin '*' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header...
Access to XMLHttpRequest has been blocked by CORS policy
myyw001的博客
12-27 1781
has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `private`.
跨域联调:Access to XMLHttpRequest at <url> from origin <url> has been blocked by CORS policy
yuancheng224的博客
02-18 737
如果已经配置好了前后端url但仍然无法实现联调,可尝试清空缓存。 以上为血泪教训,最后惊奇发现本地代码的修改在前端始终无效,最终靠清楚浏览器缓存解决了该问题
【Vue+Axios】Access to XMLHttpRequest at XXX from origin XXX has been blocked by CORS policy
HEX9CF的技术博客
09-25 5416
基于Vue3和SpringBoot进行前后端分离开发,实现登录功能。在测试提交表单时axios报错。
Access to XMLHttpRequest at 'xxx' from origin 'xxx' has been been blocked by CORS policy
lo_olo_ol的博客
12-27 1042
前端出现Access to XMLHttpRequest at ‘xxx’ from origin ‘xxx’ has been been blocked by CORS policy错误 解决方法 在SpringBoot后台接口上加上 @CrossOrigin 例如 import com.example.demo.bean.Admin; import com.example.demo.servi...
前端跨域主流解决方案(Access to XMLHttpRequest at ‘http..’ from origin ‘null‘ has been blocked by CORS policy
weixin_43239880的博客
04-06 3万+
前端跨域主流解决方案(Access to XMLHttpRequest at ‘http..’ from origin ‘null‘ has been blocked by CORS policy
跨域报错 Access to XMLHttpRequest at has been blocked by CORS policy
tplina的博客
07-17 4235
@Configuration public class SystemCorsConfiguration { private CorsConfiguration buildConfig() { CorsConfiguration corsConfiguration = new CorsConfiguration(); corsConfiguration.se...
Access to XMLHttpRequest at
08-24
Access to XMLHttpRequest at指的是浏览器允许通过XMLHttpRequest对象向跨源服务器发起请求的能力。这是通过CORS(跨源资源共享)机制实现的。CORS允许浏览器在AJAX请求中克服同源策略的限制,使得从其他域名获取数据成为可能。 CORS相比于传统的AJAX请求有一些优点。首先,它不像XMLHttpRequest对象实现的Ajax请求那样受到同源策略的限制,可以向跨源服务器发出请求。其次,CORS的兼容性更好,可以在更古老的浏览器中运行,不需要XMLHttpRequest或ActiveX的支持。最后,CORS请求在完成后可以通过回调方式将结果返回给调用方。 下面是一个浏览器的JavaScript脚本示例,展示了如何使用XMLHttpRequest对象进行CORS请求: var url = 'http://api.alice.com/cors'; var xhr = new XMLHttpRequest(); xhr.open('PUT', url, true); xhr.setRequestHeader('X-Custom-Header', 'value'); xhr.send(); 在这个例子中,JavaScript代码通过XMLHttpRequest对象向'http://api.alice.com/cors'发起PUT请求,并设置了一个自定义的请求头。请求发送后,服务器会接收请求并返回响应结果。<span class="em">1</span><span class="em">2</span><span class="em">3</span> #### 引用[.reference_title] - *1* *2* *3* [Access to XMLHttpRequest at ‘http://xx‘ from originhttp://xx‘ has been blocked by CORS policy:](https://blog.csdn.net/qq_43437874/article/details/120565996)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_1"}}] [.reference_item style="max-width: 100%"] [ .reference_list ]
评论 10
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值