angular - 出现错误- GET http://localhost:8080/hello/variable/user net::ERR_FAILED 运行 Angular+Spring Boot 应用程序
问题描述
通过禁用 csrf() 并启用 OPTION 请求在 localhost 中运行 Angular+Spring 启动应用程序时出现以下错误
错误 - 从源“http://localhost:4200”访问“http://localhost:8080/hello/variable/paraan”处的 XMLHttpRequest 已被 CORS 策略阻止:没有“Access-Control-Allow-Origin”标头存在于请求的资源上。
GET http://localhost:8080/hello/variable/user net::ERR_FAILED zone-evergreen.js:2845
角欢迎数据.service.ts
executeHelloWorldBeanServicePathVarible(name)
{
let basicAuthHeaderString=this.createBasicAuthenticationHttpHeader();
let headers=new HttpHeaders({
Authorization:basicAuthHeaderString
})
return this.http.get<helloWorldBean>
(`http://localhost:8080/hello/variable/${name}`,
{headers});
}
createBasicAuthenticationHttpHeader(){
let username='user'
let password='dummy'
let basicAuthHeaderString='Basic' + window.btoa(username + ':' + password);
return basicAuthHeaderString;
}
SpringSecurityConfigurationBasicAuth.java
package com.practice.rest.webservices.restfulwebservices.basic.auth;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.bind.annotation.CrossOrigin;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfigurationBasicAuth extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS,"/**").permitAll()
.anyRequest().authenticated()
.and()
//.formLogin().and()
.httpBasic();
}
}
编辑了 SpringSecurityConfigurationBasicAuth.java
package com.practice.rest.webservices.restfulwebservices.basic.auth;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfigurationBasicAuth extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS,"/**").permitAll()
.anyRequest().authenticated()
.and()
//.formLogin().and()
.httpBasic();
}
@Bean
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
final CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin(CorsConfiguration.ALL);
config.addAllowedHeader("*");
config.addExposedHeader("Authorization");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
}
解决方案
将此添加到您的代码中。
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.headers()
.referrerPolicy(ReferrerPolicy.NO_REFERRER);
return http.build();
}
推荐阅读
- javascript - 如果将命名函数声明放在 return 语句中,为什么不提升它?
- javascript - html5视频结束时淡入元素
- c - C中的字符常量和初始化
- python - Python:如果列表同时包含数字和字符串,如何排序?
- c# - 挂起 HtmlAgilityPack 任务
- python-3.x - 使用 python 清理 iBooks 目录中的数据文件名
- javascript - 使用 php 动态更改 css
- c# - 将 Form2 中的事件值接收到 Form1 WinForms
- .net - 不允许我从课堂外调用事件
- amazon-dynamodb - 如何仅基于分区键更新项目?