网站在 https 上调用 REST API 时出现 CORS 问题

发布于 2025-01-11 05:40:52 字数 999 浏览 0 评论 0原文

我有一个在 https 上运行的网站。我希望该网站与 AWS EC2 服务器上运行的 REST Api 服务进行通信。该服务使用 Spring Boot 实现，Controller 类包含 @CrossOrigin 注解，并以源站网站作为参数。但是，在使用自签名证书侦听端口 443 的服务从网站执行 POST 请求时，出现以下错误：

  Access to XMLHttpRequest at x from origin y has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

在执行 时出现以下错误： GET 请求：

  Access to XMLHttpRequest at x from origin y has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

我还在服务 @CrossOrigin 注释中声明了 localhost。

如果我使用自签名证书在端口 443 上运行我的服务，则会失败并出现与上述相同的错误，但如果我在端口 8080 上运行我的服务，则它工作正常> 没有 SSL。

你知道我做错了什么吗？

另外，我想如果我设法解决 CORS 问题，我仍然会遇到问题，因为我的证书是自签名的。例如，如何为 EC2 中运行的 REST Api 安装公共证书？

谢谢！

原文

I have a website running on https.
I want this website to communicate with a REST Api service running on a AWS EC2 server.
This service is implemented with Spring Boot and the Controller class contains the @CrossOrigin annotation with the origin website as a parameter.
However I am getting following error while doing a POST request from the website with the service listening on port 443 with a self signed certificate:

  Access to XMLHttpRequest at x from origin y has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

And following one while doing a GET request:

  Access to XMLHttpRequest at x from origin y has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I also declared localhost in the service @CrossOrigin annotation.

It is failing with same error as above if I have my service run on port 443 with a self signed certificate, but it is working fine if I have my service running on port 8080 without SSL.

Do you know what I am doing wrong?

Also I guess that if I manage to solve the CORS issue I will still have a problem, as my certificate is self signed.
How can I install a public certificate for a REST Api running in EC2 for example?

Thanks!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

So要识趣 2025-01-18 05:40:52

将下面提到的配置添加到您的 spring-boot 项目中。

@Configuration
public class CorsConfig {

    @Bean
    public CorsFilter corsFilter() {

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("OPTIONS");
        config.addAllowedMethod("HEAD");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("PUT");
        config.addAllowedMethod("POST");
        config.addAllowedMethod("DELETE");
        config.addAllowedMethod("PATCH");
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}

Add the config mentioned below to your spring-boot project.

@Configuration
public class CorsConfig {

    @Bean
    public CorsFilter corsFilter() {

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("OPTIONS");
        config.addAllowedMethod("HEAD");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("PUT");
        config.addAllowedMethod("POST");
        config.addAllowedMethod("DELETE");
        config.addAllowedMethod("PATCH");
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}

回复收藏 0 原文

~没有更多了~