0
点赞
收藏
分享

微信扫一扫

When allowCredentials is true, allowedOrigins cannot contain the special value “*“ that cannot be

12a597c01003 2022-09-05 阅读 213


SpringBoot升级2.4.0所出现的问题:
When allowCredentials is true, allowedOrigins cannot contain the special value “*” since that cannot be set on the “Access-Control-Allow-Origin” response header. To allow credentials to a set of origins, list them explicitly or consider using “allowedOriginPatterns” instead.

解决方案:
跨域配置报错,将.allowedOrigins替换成.allowedOriginPatterns即可。
调整前:

package com.course.server.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfig implements WebMvcConfigurer {

@Override
public void addCorsMappings(CorsRegistry registry) {
// 设置允许跨域的路由
registry.addMapping("/**")
// 设置允许跨域请求的域名
.allowedOrigins("*")
.allowedHeaders(CorsConfiguration.ALL)
// 设置允许的方法
.allowedMethods(CorsConfiguration.ALL)
// 是否允许证书(cookies)
.allowCredentials(true)
// 跨域允许时间
.maxAge(3600);//1小时内不需要校验,发送OPTIONS请求
}
}

调整后:

package com.course.server.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfig implements WebMvcConfigurer {

@Override
public void addCorsMappings(CorsRegistry registry) {
// 设置允许跨域的路由
registry.addMapping("/**")
// 设置允许跨域请求的域名
.allowedOriginPatterns("*")
.allowedHeaders(CorsConfiguration.ALL)
// 设置允许的方法
.allowedMethods(CorsConfiguration.ALL)
// 是否允许证书(cookies)
.allowCredentials(true)
// 跨域允许时间
.maxAge(3600);//1小时内不需要校验,发送OPTIONS请求
}
}


举报

相关推荐

0 条评论