问题:
Springboot升级至2.4.0中出现的跨域问题。
分析:
Springboot2.3.5.RELEASE时,我们可以使用CorsWebFilter进行如下设置解决跨域问题。
public CorsWebFiltercorsWebFilter(){
UrlBasedCorsConfigurationSource configurationSource=newUrlBasedCorsConfigurationSource(newPathPatternParser());
CorsConfiguration configuration=newCorsConfiguration();// 配置跨域
configuration.setAllowCredentials(true);
configuration.addAllowedOrigin("*");
configuration.addAllowedHeader("*");
configuration.addAllowedMethod("*");
configurationSource.registerCorsConfiguration("/**", configuration);returnnewCorsWebFilter(configurationSource);}
但是在spring boot 2.4.0 版本以后,配置完成后,我们去页面请求数据,就会发现:
暴漏的问题居然还是跨域问题,然后查看后台控制台,出现了如下的异常:
2020-12-1020:55:18.274 ERROR7576---[ctor-http-nio-5] a.w.r.e.AbstractErrorWebExceptionHandler:[28bc5558-2]500 Server Errorfor HTTP OPTIONS"/api/login"
java.lang.IllegalArgumentException: When allowCredentials istrue, allowedOrigins cannot contain the special value"*"since that cannot be set on the"Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using"allowedOriginPatterns" instead.
at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:457)~[spring-web-5.3.1.jar:5.3.1]
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Error has been observed at the followingsite(s):|_ checkpoint ⇢ org.springframework.cloud.gateway.filter.WeightCalculatorWebFilter[DefaultWebFilterChain]
提示很明显:
When allowCredentials istrue, allowedOrigins cannot contain the special value"*"since that cannot be set on the"Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using"allowedOriginPatterns" instead.
意思就是不能在configuration.setAllowCredentials(true)
的时候对addAllowedOrigin
设置为"*
",而要使用allowedOriginPatterns
这个字段来设置origin。
对于spring boot 2.4.0出现的跨域异常问题,直接给出解决方案。
import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.web.cors.CorsConfiguration;import org.springframework.web.cors.reactive.CorsWebFilter;import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;import org.springframework.web.util.pattern.PathPatternParser;import java.util.ArrayList;import java.util.List;/**
* @Author: 冬生草
* @Date: 2020/12/10 21:11
* @Description: 跨域问题
*/@ConfigurationpublicclassCorsConfig{@Beanpublic CorsWebFiltercorsWebFilter(){
UrlBasedCorsConfigurationSource configurationSource=newUrlBasedCorsConfigurationSource(newPathPatternParser());
CorsConfiguration configuration=newCorsConfiguration();// 配置跨域
configuration.setAllowCredentials(true);
List<String> allowedOriginPatterns=newArrayList<>();
allowedOriginPatterns.add(CorsConfiguration.ALL);
configuration.setAllowedOriginPatterns(allowedOriginPatterns);
configuration.addAllowedHeader(CorsConfiguration.ALL);
configuration.addAllowedMethod(CorsConfiguration.ALL);
configurationSource.registerCorsConfiguration("/**", configuration);returnnewCorsWebFilter(configurationSource);}}
使用configuration.setAllowedOriginPatterns(allowedOriginPatterns)
就可以解决问题。
那么,CorsConfiguration.ALL
这是个什么东西呢?在源码中是这么写的。
如果是自定义origin的话,只需要将自定义的origin以字符串的形式放入到list集合中即可。
修改完毕后测试结果如下: