When allowCredentials is true, allowedOrigins cannot contain the special value since that cannot

共饮一杯无

发布于 2022-11-24 20:49:58

2K0

发布于 2022-11-24 20:49:58

问题描述

SpringBoot升级后跨域请求报如下错误

java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
	at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473)
	Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
Error has been observed at the following site(s):
	*__checkpoint ? com.xxx.cloud.gateway.config.CorsConfig$1 [DefaultWebFilterChain]
	*__checkpoint ? com.xxx.cloud.gateway.config.CorsConfig$$Lambda$615/1289462509 [DefaultWebFilterChain]
	*__checkpoint ? org.springframework.cloud.gateway.filter.WeightCalculatorWebFilter [DefaultWebFilterChain]
	*__checkpoint ? com.alibaba.csp.sentinel.adapter.spring.webflux.SentinelWebFluxFilter [DefaultWebFilterChain]
	*__checkpoint ? HTTP GET "/api/auth/v2/api-docs" [ExceptionHandlingWebHandler]

When allowCredentials is true, allowedOrigins cannot contain the special value “*” since that cannot be set on the “Access-Control-Allow-Origin” response header. To allow credentials to a set of origins, list them explicitly or consider using “allowedOriginPatterns” instead. 翻译为：当allowCredentials为真时, allowedorigin不能包含特殊值""，因为不能在"Access-Control-Allow-Origin"响应头中设置该值。要允许凭证到起源，显式地列出它们，或者考虑使用"allowedOriginPatterns"代替。

解决办法

跨域配置报错，将.allowedOrigins替换成.allowedOriginPatterns即可。

@Configuration
public class CorsConfig {
    private CorsConfiguration buildConfig() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        //corsConfiguration.addAllowedOrigin("*");
        // 跨域配置报错，将.allowedOrigins替换成.allowedOriginPatterns即可。
        // 设置允许跨域请求的域名
        corsConfiguration.addAllowedOriginPattern("*");
        corsConfiguration.addAllowedHeader("*");
        // 设置允许的方法
        corsConfiguration.addAllowedMethod("*");
        // 是否允许证书
        corsConfiguration.setAllowCredentials(true);
        // 跨域允许时间
        corsConfiguration.setMaxAge(3600L);
        return corsConfiguration;
    }

    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", buildConfig());
        return new CorsFilter(source);
    }

}

要是通过实现WebMvcConfigurer接口的形式，则按照如下修改：

@Configuration
public class CorsConfig implements WebMvcConfigurer {

    /**
     * 开启跨域
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // 设置允许跨域的路由
        registry.addMapping("/**")
                // 设置允许跨域请求的域名
                //.allowedOrigins("*")  
                //跨域配置报错，将.allowedOrigins替换成.allowedOriginPatterns即可。
                .allowedOriginPatterns("*")
                // 是否允许证书（cookies）
                .allowCredentials(true)
                // 设置允许的方法
                .allowedMethods("*")
                // 跨域允许时间
                .maxAge(3600);
    }

}

本文参与?腾讯云自媒体分享计划，分享自作者个人站点/博客。

原始发表：2022-03-08，如有侵权请联系 cloudcommunity@tencent.com 删除

access

本文分享自作者个人站点/博客?前往查看

如有侵权，请联系 cloudcommunity@tencent.com 删除。

本文参与?腾讯云自媒体分享计划? ，欢迎热爱写作的你一起参与！

access

登录后参与评论

0 条评论

热度