我在春天建立了一个后端REST API,我的朋友正在建立一个Angular JS前端应用程序来调用我的API,我有一个带有密钥的令牌头Authorization和一个可以访问该服务的值,否则它将被拒绝。来自Postman和REST客户端我可以接收API,但经过测试后,他说他在飞行前得到401 Unauthorized Error。下面是我的doFilterInternal方法。
Authorization
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException { response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers","Content-Type, Accept, X-Requested-With, Authorization"); }
但是当他用Angular JS中的令牌调用API时,他得到了
spring.mvc.dispatch-options-request=true
在application.properties.But仍然他错误似乎是
飞行前的响应具有无效的https状态代码401
任何帮助表示赞赏。
这是避免预检错误的过滤器
@Override protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws ServletException, IOException { LOG.info("Adding CORS Headers ........................"); res.setHeader("Access-Control-Allow-Origin", "*"); res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); res.setHeader("Access-Control-Max-Age", "3600"); res.setHeader("Access-Control-Allow-Headers", "X-PINGOTHER,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization"); res.addHeader("Access-Control-Expose-Headers", "xsrf-token"); if ("OPTIONS".equals(req.getMethod())) { res.setStatus(HttpServletResponse.SC_OK); } else { chain.doFilter(req, res); } }
从发布跨源请求阻止Spring MVC Restful Angularjs中找到它
