写点什么

When allowCredentials is true, allowedOrigins cannot contain the special value ___ since that cannot be set on the _Access-Contr

作者:共饮一杯无
  • 2022 年 10 月 01 日
    浙江
  • 本文字数:1730 字

    阅读完需:约 6 分钟

When allowCredentials is true, allowedOrigins cannot contain the special value ___ since that cannot be set on the _Access-Contr

问题描述

SpringBoot 升级后跨域请求报如下错误


java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.  at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473)  Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: Error has been observed at the following site(s):  *__checkpoint ⇢ com.xxx.cloud.gateway.config.CorsConfig$1 [DefaultWebFilterChain]  *__checkpoint ⇢ com.xxx.cloud.gateway.config.CorsConfig$$Lambda$615/1289462509 [DefaultWebFilterChain]  *__checkpoint ⇢ org.springframework.cloud.gateway.filter.WeightCalculatorWebFilter [DefaultWebFilterChain]  *__checkpoint ⇢ com.alibaba.csp.sentinel.adapter.spring.webflux.SentinelWebFluxFilter [DefaultWebFilterChain]  *__checkpoint ⇢ HTTP GET "/api/auth/v2/api-docs" [ExceptionHandlingWebHandler]
复制代码


When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.翻译为:当 allowCredentials 为真时, allowedorigin 不能包含特殊值"", 因为不能在"Access-Control-Allow-Origin"响应头中设置该值。要允许凭证到起源,显式地列出它们,或者考虑使用"allowedOriginPatterns"代替。

解决办法

跨域配置报错,将.allowedOrigins 替换成.allowedOriginPatterns 即可。


@Configurationpublic class CorsConfig {    private CorsConfiguration buildConfig() {        CorsConfiguration corsConfiguration = new CorsConfiguration();        //corsConfiguration.addAllowedOrigin("*");        // 跨域配置报错,将.allowedOrigins替换成.allowedOriginPatterns即可。        // 设置允许跨域请求的域名        corsConfiguration.addAllowedOriginPattern("*");        corsConfiguration.addAllowedHeader("*");        // 设置允许的方法        corsConfiguration.addAllowedMethod("*");        // 是否允许证书        corsConfiguration.setAllowCredentials(true);        // 跨域允许时间        corsConfiguration.setMaxAge(3600L);        return corsConfiguration;    }
@Bean public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", buildConfig()); return new CorsFilter(source); }
}
复制代码


要是通过实现 WebMvcConfigurer 接口的形式,则按照如下修改:


@Configurationpublic class CorsConfig implements WebMvcConfigurer {
/** * 开启跨域 */ @Override public void addCorsMappings(CorsRegistry registry) { // 设置允许跨域的路由 registry.addMapping("/**") // 设置允许跨域请求的域名 //.allowedOrigins("*") //跨域配置报错,将.allowedOrigins替换成.allowedOriginPatterns即可。 .allowedOriginPatterns("*") // 是否允许证书(cookies) .allowCredentials(true) // 设置允许的方法 .allowedMethods("*") // 跨域允许时间 .maxAge(3600); }
}
复制代码


本文内容到此结束了,

如有收获欢迎点赞👍收藏💖关注✔️,您的鼓励是我最大的动力

如有错误❌疑问💬欢迎各位指出。

主页共饮一杯无的博客汇总👨‍💻

保持热爱,奔赴下一场山海。🏃🏃🏃

发布于: 刚刚阅读数: 4
用户头像

鲜衣怒马意气风发,愿你归来仍是少年。 2018.10.19 加入

全栈开发者,CSDN博客专家,51CTO 专家博主,阿里云专家博主,华为云享专家,持续输出干货,欢迎关注。

评论

发布
暂无评论
When allowCredentials is true, allowedOrigins cannot contain the special value ___ since that cannot be set on the _Access-Contr_Java_共饮一杯无_InfoQ写作社区