Changes to CORS configuration in Spring Boot 2.4.1
程序员文章站 (Programmer Article Station)
2024-02-24 12:49:34
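I recently couldn't leave well enough alone and upgraded a project's Spring Boot version from 2.3 to 2.4.1, and CORS stopped working during development. Checking the API logs showed this error: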
```
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
    at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:453)
    at org.springframework.web.cors.CorsConfiguration.checkOrigin(CorsConfiguration.java:557)
    at org.springframework.web.cors.DefaultCorsProcessor.checkOrigin(DefaultCorsProcessor.java:174)
```
The development build originally configured CORS like this:
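```java
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.core.Ordered;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

// Bean method inside a @Configuration class.
@Bean
public FilterRegistrationBean<CorsFilter> corsFilter() {
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    // "*" together with allowCredentials(true) is what Spring 5.3 rejects.
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");

    // Apply the configuration to every path.
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);

    // Run the CORS filter before all other filters.
    FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<CorsFilter>(new CorsFilter(source));
    bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
    return bean;
}
```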
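So that all web developers could reach it, the development build simply called config.addAllowedOrigin("*"). As of Spring Boot 2.4.1 (which corresponds to Spring 5.3), addAllowedOrigin may not be "*" when allowCredentials is true. Of course, allowedOriginPatterns can be used instead.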
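```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.core.Ordered;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

// Bean method inside a @Configuration class; `logger` is that class's logger field.
@Bean
public FilterRegistrationBean<CorsFilter> corsFilter() {
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);

    // Use an origin pattern instead of the literal "*" origin.
    List<String> allowedOriginPatterns = new ArrayList<>();
    allowedOriginPatterns.add("*");
    config.setAllowedOriginPatterns(allowedOriginPatterns);
    // config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("*");

    // Apply the configuration to every path.
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);

    // Run the CORS filter before all other filters.
    FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<CorsFilter>(new CorsFilter(source));
    bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
    logger.warn("======CorsFilter injection=====AllowedOrigin: *====");
    return bean;
}
```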
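The following added example (not code from the original post) calls `CorsConfiguration.checkOrigin`, the method in the stack trace above, to compare three credentialed configurations: the literal `"*"` origin, the `"*"` origin pattern, and scoped patterns. With the `"*"` pattern Spring echoes the request's own Origin back, so every site is allowed with credentials; the scoped list shows how to limit that. The class name and all origins are constructed for illustration, and spring-web 5.3 or later is assumed on the classpath.

```java
import java.util.Arrays;

import org.springframework.web.cors.CorsConfiguration;

// Added example; class name and origins are constructed, not from the post.
public class CorsOriginCheckDemo {

    // Value Spring would send in Access-Control-Allow-Origin for this request
    // origin, "<rejected>" if the origin is not allowed, or the validation error.
    static String decide(CorsConfiguration config, String requestOrigin) {
        try {
            String allowed = config.checkOrigin(requestOrigin);
            return allowed != null ? allowed : "<rejected>";
        } catch (IllegalArgumentException ex) {
            return "IllegalArgumentException";
        }
    }

    static CorsConfiguration withCredentials() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        return config;
    }

    public static void main(String[] args) {
        // 1. Pre-2.4 style: literal "*" origin plus credentials fails validation.
        CorsConfiguration wildcardOrigin = withCredentials();
        wildcardOrigin.addAllowedOrigin("*");

        // 2. The replacement from the post: "*" pattern plus credentials.
        CorsConfiguration wildcardPattern = withCredentials();
        wildcardPattern.setAllowedOriginPatterns(Arrays.asList("*"));

        // 3. Scoped patterns: only the team's hosts (hypothetical names).
        CorsConfiguration scoped = withCredentials();
        scoped.setAllowedOriginPatterns(
                Arrays.asList("https://*.dev.example.com", "http://localhost:3000"));

        String[] origins = {
            "https://app.dev.example.com", "http://localhost:3000", "https://unrelated.example.net"
        };
        for (String origin : origins) {
            System.out.printf("%-30s literal*=%s | pattern*=%s | scoped=%s%n", origin,
                    decide(wildcardOrigin, origin), decide(wildcardPattern, origin),
                    decide(scoped, origin));
        }
    }
}
```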