Spring Cloud - Zuul Proxy is producing a No 'Access-Control-Allow-Origin' ajax response

后端 未结 6 595
别跟我提以往
别跟我提以往 2021-02-04 05:28

Startup Appplication:

@SpringBootApplication
@EnableZuulProxy
public class ZuulServer {

     public static void main(String[] args) {
         new SpringApplica         


        
相关标签:
6条回答
  • 2021-02-04 06:02

    That's just the browser telling you that you breached its common origin policy (see Wikipedia entry and a huge amount of material on the internet, none of which is really relevant to the tags you added). You can either teach the browser that it is OK to load resources from a different address by servicing the CORS pre-flight checks (e.g. in a Filter) or load the HTML through the proxy (hint: the latter is much easier and less error prone).

    0 讨论(0)
  • 2021-02-04 06:05

    I had a similar problem, with Angular Web app consuming RESTful services implemented by Spring Boot with Zuul and Spring Security.

    None of the above solutions worked. I realized that the problem was NOT in Zuul, but in Spring Security.

    As the official documentation (CORS with Spring Security) states, when using Spring Security, CORS must be configured prior to Spring Security.

    Finally, I was able to integrate Grinish Nepal's (see prior answers) solution into a solution that works.

    Without further ado, here is the code that enables CORS with Spring Security and Zuul:

    
        @Configuration
        @EnableWebSecurity
        public class SecurityConfig extends WebSecurityConfigurerAdapter {
            //irrelevant for this problem
            @Autowired
            private MyBasicAuthenticationEntryPoint authenticationEntryPoint;
    
            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http
                        //configure CORS -- uses a Bean by the name of     corsConfigurationSource (see method below)
                        //CORS must be configured prior to Spring Security
                        .cors().and()
                        //configuring security - irrelevant for this problem
                        .authorizeRequests()
                            .anyRequest().authenticated()
                            .and()
                        .httpBasic()
                        .authenticationEntryPoint(authenticationEntryPoint);
    
                //irrelevant for this problem
                http.addFilterAfter(new CustomFilter(),
                        BasicAuthenticationFilter.class);
            }
    
            //The CORS filter bean - Configures allowed CORS any (source) to any 
            //(api route and method) endpoint
            @Bean
            CorsConfigurationSource corsConfigurationSource() {
                final UrlBasedCorsConfigurationSource source = new     UrlBasedCorsConfigurationSource();
                final CorsConfiguration config = new CorsConfiguration();
                config.setAllowCredentials(true);
                config.addAllowedOrigin(CorsConfiguration.ALL);
                config.addAllowedHeaders(Collections.singletonList(CorsConfiguration.ALL));
                config.addAllowedMethod("OPTIONS");
                config.addAllowedMethod("HEAD");
                config.addAllowedMethod("GET");
                config.addAllowedMethod("PUT");
                config.addAllowedMethod("POST");
                config.addAllowedMethod("DELETE");
                config.addAllowedMethod("PATCH");
                source.registerCorsConfiguration("/**", config);
                return source;
            }
    
            //configuring BA usernames and passwords - irrelevant for this problem
            @Autowired
            public void configureGlobal(AuthenticationManagerBuilder auth) throws     Exception {
               ...
            }
        }
    
    0 讨论(0)
  • 2021-02-04 06:16

    Adding this piece of code to your class annotated with @EnableZuulProxy should do the trick.

    @Bean
    public CorsFilter corsFilter() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        final CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("OPTIONS");
        config.addAllowedMethod("HEAD");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("PUT");
        config.addAllowedMethod("POST");
        config.addAllowedMethod("DELETE");
        config.addAllowedMethod("PATCH");
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
    
    0 讨论(0)
  • 2021-02-04 06:16

    When your application runs on http://localhost:8383 then you can only make AJAX-calls to http://localhost:8383. Zuul doesn't and cannot change that.

    What Zuul can do is mapping requests for e.g. http://localhost:8383/zuul/ to http://localhost:8080/zuul/. But your browser would have to call http://localhost:8383/zuul/springapp/departments and you have to configure that mapping.

    0 讨论(0)
  • 2021-02-04 06:16

    I had the same issue, and i have fixed by adding CorsFilter bean

      @Bean
      public FilterRegistrationBean corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", config);
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(0);
        return bean;
      }
    

    And adding zuul's properties this code

    zuul:
      sensitiveHeaders:
      ignored-headers: Access-Control-Allow-Credentials, Access-Control-Allow-Origin
    

    You can find more detail about the issue here

    0 讨论(0)
  • 2021-02-04 06:27

    Just adding the following to the configuration worked for me

    zuul:
        ignoredHeaders: Access-Control-Allow-Credentials, Access-Control-Allow-Origin
    
    0 讨论(0)
提交回复
热议问题