jdk1.7+Spring 4.3跨域問題解決

時間 2020-12-02

標籤 java web spring 跨域 mvc cors this code server blog 欄目 Java 简体版

原文原文鏈接

遺留項目 jdk1.7.0_79 + spring mvc (4.3.2)java

接口爲了支持跨域訪問 Nginx作了以下的配置web

location /cgi/myCollections {
        add_header Access-Control-Allow-Credentials true;
        add_header Access-Control-Allow-Origin $http_origin;
        proxy_pass http://localhost:8081/cgi/myCollections;
    }

可是跨域訪問的時候 Status Code: 403 Forbiddenspring

1.  Request URL: http://aaa.foo.com/cgi/myCollections?type=STK&page=1&size=1000
    
2.  Request Method: OPTIONS
    
3.  Status Code: 403 Forbidden

同時Console中錯誤信息以下跨域

Access to XMLHttpRequest at 'http://aaa.foo.com/cgi/myCollections?type=STK&page=1&size=1000' from origin 'http://bbb.foo.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

爲何Nginx明明已經配置了Access-Control-Allow-Origin 怎麼還會報這樣的錯呢mvc

因而嘗試在代碼中顯式添加@CrossOrigin 看看是否有一樣的問題
可是編譯就報錯了cors

annotation org.springframework.web.bind.annotation.CrossOrigin is missing value for the attribute <clinit>

緣由：jdk的bug 得升級jdkthis

It says that this was a known and resolved issue in java 1.8 and has been back-ported to java 7. So, Update to the latest java 7 version (7u80) or Java 8 version.
https://stackoverflow.com/que...

因而升級了到jdk1.7.0_80 果真能正常編譯了因而取消了Nginx配置跨域請求正常code

引伸問題

爲何代碼中配置就能夠可是Nginx配置就不行呢

緣由：代碼中作了限制詳見org.springframework.web.cors.DefaultCorsProcessor#processRequestserver

boolean preFlightRequest = CorsUtils.isPreFlightRequest(request);
if (config == null) {
    if (preFlightRequest) {
        rejectRequest(serverResponse);
        return false;
    }
    else {
        return true;
    }
}

這種狀況下Nginx須要以下配置blog

location /cgi/myCollections {
    add_header Access-Control-Allow-Credentials true;
    add_header Access-Control-Allow-Origin $http_origin;
    add_header Access-Control-Allow-Headers UID;
    proxy_set_header Host 'bbb.foo.com';
    proxy_pass http://localhost:8081/cgi/myCollections;
}