设想:
前端:NGINX 中的 Angular 应用程序
后端:Tomcat 8.5 中的 Java 应用程序
前端需要调用后端 Rest API。据我所知,我需要允许 CORS 才能实现这一点:
因此我查看了 Tomcat 文档并将 cors 过滤器添加到 web.xml 中:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://dev.retex.global</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,Accept,Accept-Encoding,Accept-Language,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Connection,Host</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
然后我重新启动了 tomcat 服务
此设置未按预期工作:
$ curl -v \
> -H 'Accept: */*' \
> -H 'Accept-Encoding:gzip, deflate' \
> -H 'Accept-Language:en-US,en;q=0.9,es;q=0.8' \
> -H 'Access-Control-Request-Headers:authorization,content-type' \
> -H 'Access-Control-Request-Method:POST' \
> -H 'Connection:keep-alive' \
> -H 'Origin:http://dev.retex.global' \
> -H 'Host:dev.retex.global:8080' \
> -X OPTIONS \
> http://dev.retex.global:8080/returnitRest/rest/pickup/label
* timeout on name lookup is not supported
* Trying 13.55.221.200...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to dev.retex.global (13.55.221.200) port 8080 (#0)
> OPTIONS /returnitRest/rest/pickup/label HTTP/1.1
> Host:dev.retex.global:8080
> User-Agent: curl/7.47.1
> Accept: */*
> Accept-Encoding:gzip, deflate
> Accept-Language:en-US,en;q=0.9,es;q=0.8
> Access-Control-Request-Headers:authorization,content-type
> Access-Control-Request-Method:POST
> Connection:keep-alive
> Origin:http://dev.retex.global
>
< HTTP/1.1 403
< Content-Type: text/plain
< Content-Length: 0
< Date: Mon, 20 Nov 2017 09:54:22 GMT
<
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connection #0 to host dev.retex.global left intact
问题:我究竟做错了什么?
答案1
这是我为解决这个问题所做的事情:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://domainA.com,https://domainA.com,http://localhost:4200</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,Accept,Accept-Encoding,Accept-Language,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Connection,Host,authorization</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
希望这可以帮助
答案2
哇。这个回复终于有用了。我一直在努力解决本地 tomcat 上的 CORS 错误。它突然开始发生。添加这些设置后,我的应用程序又开始工作了。非常感谢。