泽西岛-对预检请求的响应未通过访问控制检查：否'Access-Control-Allow-Origin'

Shivkumar Mallesappa 发表于 Dev

Shivkumar Mallesappa

错误截图：

以下是我的API类，其中为@OPTIONS方法编写了代码。

@OPTIONS 
    public Response OptionsFirstRequst(){
         return Response.ok()
      .header("Access-Control-Allow-Origin", "*")
      .header("Access-Control-Allow-Methods", "*")
      .header("Access-Control-Allow-Headers", "*").build();
    }

我创建了一个名为Response Builder的类，通过该类我为每个请求发送响应。以下是Response Builder类的代码：

    public class ResponseBuilder {

    public int status;
    public HashMap data;
    public String error;

    public static Response ok(int Status_code, HashMap<String, String> data, String Response_error) {
        if (data == null) {
            data = new HashMap();
        }

        ResponseBuilder response = new ResponseBuilder();
        response.status = Status_code;
        response.data = data;
        response.error = Response_error;

        return Response.status(Status_code).entity(response)
                .header("Access-Control-Allow-Origin", "*")
                .header("Access-Control-Allow-Methods", "*")
                .header("Access-Control-Allow-Headers", "*").build();
    }

    public static Response error(int Status_code, HashMap<String, String> data, String Response_error) {
        if (data == null) {
            data = new HashMap();
        }

        ResponseBuilder response = new ResponseBuilder();
        response.status = Status_code;
        response.data = data;
        response.error = Response_error;
        response.data = new HashMap();

        return Response.status(Status_code).entity(response)
                .header("Access-Control-Allow-Origin", "*")
                .header("Access-Control-Allow-Methods", "*")
                .header("Access-Control-Allow-Headers", "*").build();
    }

}

我还有一个Request过滤器，用于验证每个请求（登录除外）的令牌。

我能够登录，生成令牌并将其返回给浏览器。但是登录后，如果我单击个人资料。

我得到的响应为200（如浏览器的dev-tools网络所示），但没有得到任何数据/正确的响应。

我收到以下错误。

对预检请求的响应未通过访问控制检查：所请求的资源上不存在“ Access-Control-Allow-Origin”标头。

明子·拉奇莫（Meiko Rachimow）

要检查并添加CORS标头，通常的解决方案是使用javax.ws.rs.container.ContainerResponseFilter。下面是一个示例，其中在类中配置了允许的来源ApplicationConfig.accessControlAllowedOrigins：

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;
import java.io.IOException;

@Provider
public class ResponseCorsFilter implements ContainerResponseFilter {

    @Override
    public void filter(ContainerRequestContext requestContext, 
            ContainerResponseContext responseContext) throws IOException {

        MultivaluedMap<String, Object> responseHeaders = responseContext.getHeaders();
        String origin = requestContext.getHeaderString("Origin");
        if (null != origin && 
            (ApplicationConfig.accessControlAllowedOrigins.contains(origin) ||
                 ApplicationConfig.accessControlAllowedOrigins.contains("*"))) {

            responseHeaders.putSingle("Access-Control-Allow-Origin", origin);
            responseHeaders.putSingle("Access-Control-Allow-Methods", 
                "GET, POST, OPTIONS, PUT, DELETE, HEAD");

            String reqHead = requestContext.getHeaderString(
                "Access-Control-Request-Headers");

            if (null != reqHead && !reqHead.equals("")) {
                responseHeaders.putSingle("Access-Control-Allow-Headers", reqHead);
            }
        }
    }
}