发表新帖
发表新帖

Cross-Origin Request Blocked Spring REST service + AJAX

前端 未结
关注
3 961
闹比i
闹比i 2021-01-02 18:21

Unable to call spring REST service

My spring service

@RequestMapping(value = \"/MAS/authenticate\", method = RequestMethod.POST)
public ResponseEnti
3条回答
  • 鱼传尺愫
    鱼传尺愫 (楼主)
    2021-01-02 18:41

    By default the only method allowed is a GET, and you don't allow the POST on your server side:

    Access-Control-Allow-Origin: *

    This header only enables CORS, but you need to add this:

    Access-Control-Allow-Methods: POST, GET

    More detailed how-to about the HTTP access control (CORS) on Mozilla project

    So your code should be something like this:

    responseHeaders.add("Access-Control-Allow-Methods", "POST, GET"); // also added header to allow POST, GET method to be available
responseHeaders.add("Access-Control-Allow-Origin", "*"); // also added header to allow cross domain request for any domain

    Update:

    I have re-read the article, and found out some details:

    A simple cross-site request is one that:

    • Only uses GET, HEAD or POST. If POST is used to send data to the server, the Content-Type of the data sent to the server with the HTTP POST request is one of application/x-www-form-urlencoded, multipart/form-data, or text/plain.
    • Does not set custom headers with the HTTP Request (such as X-Modified, etc.)

    As you can read in bold, you must set other Content-Type for your data (currently it is contentType: "application/json; charset=utf-8",) or use the preflight technique described later:

    • It uses methods other than GET, HEAD or POST. Also, if POST is used to send request data with a Content-Type other than application/x-www-form-urlencoded, multipart/form-data, or text/plain, e.g. if the POST request sends an XML payload to the server using application/xml or text/xml, then the request is preflighted.
    • It sets custom headers in the request (e.g. the request uses a header such as X-PINGOTHER)

    So I suggest you either change the contentType or try to work with this header into your request:

    Access-Control-Request-Headers: X-HEADER_NAME_OF_YOUR_CHOOSE

    and this headers into your response:

    Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-HEADER_NAME_OF_YOUR_CHOOSE

    And after that you can try to call your method.

    0 讨论(0)
 看不清?
提交回复
热议问题