覆盖CORS配置
我部署了一个基于OSGi示例的叶片CLI blade.rest模块,并对其进行了修改,以返回响应而不是纯文本。这是一堂课:
package com.autentia.api.rest.users;
import org.osgi.service.component.annotations.Component;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.Collections;
import java.util.Set;
@ApplicationPath("/users")
@Component(
immediate = true, property = {"jaxrs.application=true"},
service = Application.class
)
public class UsersRestService extends Application {
@Override
public Set<Object> getSingletons() {
return Collections.singleton(this);
}
@GET
@Path("/")
@Produces(MediaType.APPLICATION_JSON)
public Response getUsers(@Context HttpServletRequest request) {
System.out.println(request.getRemoteAddr());
String json = "{\n" + " \"value\": \"ok\"\n" + "}";
return Response
.status(200)
.header("Access-Control-Allow-Origin", "*")
.entity(json)
.build();
}
}(如果删除.header("Access-Control-Allow-Origin", "*"),则此操作在本地有效。)
当我向服务器请愿时,响应有两个访问控制-访问-原产地属性,一个设置为"*“(这正是我想要的),另一个设置为发送它的ip。答复如下:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:3000
Access-Control-Allow-Origin:*
Content-Length:19
Content-Type:application/json
Date:Wed, 12 Apr 2017 15:23:38 GMT
Server:Apache-Coyote/1.1
Set-Cookie:JSESSIONID=CF771CD0FAECDAF226D153FB05875CC3; Path=/; HttpOnly
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN
X-Request-URL:http://localhost:8080/o/api/users
X-XSS-Protection:1如您所见,有两个访问控制-允许-起源,这是不被接受的。我该从哪里开始找呢?我应该修改Tomcat的web.xml吗?我已经查看过portal.properties和system.properties,但还没有看到启用该标头的属性。
谢谢。
回答 2
Stack Overflow用户
发布于 2017-04-12 16:20:46
在您的CorsFilter中查找CATALINA_BASE/conf/web.xml过滤器
过滤器有文档。
若要允许来自任何来源的请求,可以将其添加到该文件中:
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>Stack Overflow用户
发布于 2017-04-24 08:00:56
正如@sideshowbarker提到的,关键是编辑位于Liferay嵌入式Tomcat上的web.xml文件。我应用的配置如下:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://localhost:49227</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>之后,我从我使用的getUsers方法的响应中删除了头,并重新启动了Tomcat,从而应用了配置。
如果我想允许所有的起源或白名单If,我将不得不更改以下param
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://<IP_TO_WHITELIST>:<PORT></param-value>
</init-param>或允许所有来源:
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>https://stackoverflow.com/questions/43373957
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号