问题描述
SpringBoot 升级后跨域请求报如下错误
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead. at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473) Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: Error has been observed at the following site(s): *__checkpoint ⇢ com.xxx.cloud.gateway.config.CorsConfig$1 [DefaultWebFilterChain] *__checkpoint ⇢ com.xxx.cloud.gateway.config.CorsConfig$$Lambda$615/1289462509 [DefaultWebFilterChain] *__checkpoint ⇢ org.springframework.cloud.gateway.filter.WeightCalculatorWebFilter [DefaultWebFilterChain] *__checkpoint ⇢ com.alibaba.csp.sentinel.adapter.spring.webflux.SentinelWebFluxFilter [DefaultWebFilterChain] *__checkpoint ⇢ HTTP GET "/api/auth/v2/api-docs" [ExceptionHandlingWebHandler]
复制代码
When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.翻译为:当 allowCredentials 为真时, allowedorigin 不能包含特殊值"", 因为不能在"Access-Control-Allow-Origin"响应头中设置该值。要允许凭证到起源,显式地列出它们,或者考虑使用"allowedOriginPatterns"代替。
解决办法
跨域配置报错,将.allowedOrigins 替换成.allowedOriginPatterns 即可。
@Configurationpublic class CorsConfig { private CorsConfiguration buildConfig() { CorsConfiguration corsConfiguration = new CorsConfiguration(); //corsConfiguration.addAllowedOrigin("*"); // 跨域配置报错,将.allowedOrigins替换成.allowedOriginPatterns即可。 // 设置允许跨域请求的域名 corsConfiguration.addAllowedOriginPattern("*"); corsConfiguration.addAllowedHeader("*"); // 设置允许的方法 corsConfiguration.addAllowedMethod("*"); // 是否允许证书 corsConfiguration.setAllowCredentials(true); // 跨域允许时间 corsConfiguration.setMaxAge(3600L); return corsConfiguration; }
@Bean public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", buildConfig()); return new CorsFilter(source); }
}
复制代码
要是通过实现 WebMvcConfigurer 接口的形式,则按照如下修改:
@Configurationpublic class CorsConfig implements WebMvcConfigurer {
/** * 开启跨域 */ @Override public void addCorsMappings(CorsRegistry registry) { // 设置允许跨域的路由 registry.addMapping("/**") // 设置允许跨域请求的域名 //.allowedOrigins("*") //跨域配置报错,将.allowedOrigins替换成.allowedOriginPatterns即可。 .allowedOriginPatterns("*") // 是否允许证书(cookies) .allowCredentials(true) // 设置允许的方法 .allowedMethods("*") // 跨域允许时间 .maxAge(3600); }
}
复制代码
本文内容到此结束了,
如有收获欢迎点赞👍收藏💖关注✔️,您的鼓励是我最大的动力
如有错误❌疑问💬欢迎各位指出。
主页:共饮一杯无的博客汇总👨💻
保持热爱,奔赴下一场山海。🏃🏃🏃
评论