SpringBoot升级2.4.0所出现的问题:
When allowCredentials is true, allowedOrigins cannot contain the special value “*” since that cannot be set on the “Access-Control-Allow-Origin” response header. To allow credentials to a set of origins, list them explicitly or consider using “allowedOriginPatterns” instead.
解决方案:
跨域配置报错,将.allowedOrigins替换成.allowedOriginPatterns即可。
调整前:
package com.course.server.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class CorsConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
// 设置允许跨域的路由
registry.addMapping("/**")
// 设置允许跨域请求的域名
.allowedOrigins("*")
.allowedHeaders(CorsConfiguration.ALL)
// 设置允许的方法
.allowedMethods(CorsConfiguration.ALL)
// 是否允许证书(cookies)
.allowCredentials(true)
// 跨域允许时间
.maxAge(3600);//1小时内不需要校验,发送OPTIONS请求
}
}
调整后:
package com.course.server.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class CorsConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
// 设置允许跨域的路由
registry.addMapping("/**")
// 设置允许跨域请求的域名
.allowedOriginPatterns("*")
.allowedHeaders(CorsConfiguration.ALL)
// 设置允许的方法
.allowedMethods(CorsConfiguration.ALL)
// 是否允许证书(cookies)
.allowCredentials(true)
// 跨域允许时间
.maxAge(3600);//1小时内不需要校验,发送OPTIONS请求
}
}
