Invalid CORS request when using Spring Cloud Gateway

Posted on 2025-02-08 18:38:43

I have a Spring Cloud Gateway that forwards to downstream servers, and I have also configured a filter on it to return the headers below.

Below are the response headers:

access-control-allow-headers: origin, content-type, accept, x-requested-with 
access-control-allow-methods: get, post, put, delete, options
access-control-allow-origin: *
access-control-max-age: 3600
date: sun, 19 jun 2022 11:40:13 gmt
expires: 0
pragma: no-cache
vary: origin
vary: access-control-request-method
vary: access-control-request-headers

Below are the request headers when the request is made from Chrome:

:authority: web.user.tc.com
:method: post
:path: /server/user/data
:scheme: https
accept: application/json
accept-encoding: gzip, deflate, br
accept-language: en-us,en;q=0.9
cache-control: no-cache
content-length: 1787
content-type: application/json
origin: https://web.user.tc.com
pragma: no-cache
referer: https://web.user.tc.com
sec-ch-ua: " not a;brand";v="99", "chromium";v="102", "google chrome";v="102"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
user-agent: mozilla/5.0 (windows nt 10.0; wow64) applewebkit/537.36 (khtml, like gecko) chrome/102.0.0.0 safari/537.36 ionic/2.16.8

But still, I am getting an Invalid CORS Request in my Chrome browser.
I am not able to understand which header is missing.

Is there a way to debug what exactly is missing?


Comments (1)

锦欢 2025-02-15 18:38:43

The 'Invalid CORS Request' may be returned from your downstream service. This may be because the same 'Origin' header might have got forwarded to the downstream service and your downstream service might not have any CORS setting.

To avoid this you can use the RemoveRequestHeader gateway filter of Spring Cloud Gateway to remove the 'Origin' header during routing.
If you are using Java API routes then you might need to apply this to each route; otherwise you can set it as a default-filter in your application yaml. There is already a bug where the default-filters do not work for Java API routes - Spring Cloud issue

You can put the configuration below in your application.yaml to enable debug logs for Spring Cloud Gateway.

logging:
  level:
    ROOT: DEBUG
    reactor:
      netty: DEBUG
    org:
      springframework:
        security: DEBUG
        cloud:
          gateway: DEBUG
spring:
  cloud:
    gateway:
      httpclient:
        wiretap: true
      httpserver:
        wiretap: true
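
As an added example that is not part of the original answer: the RemoveRequestHeader default filter the answer describes, placed in application.yaml next to a gateway-level CORS policy built from the header values in the question. The route id, the downstream URI and the use of `globalcors` in place of the asker's custom header filter are assumptions.

```yaml
# Added example, not the asker's or answerer's configuration.
spring:
  cloud:
    gateway:
      # CORS policy enforced at the gateway. Values mirror the response
      # headers shown in the question, except the allowed origin, which is
      # narrowed from "*" to the front-end origin seen in the request
      # (assumption: it is the only browser origin that calls this API).
      globalcors:
        cors-configurations:
          '[/**]':
            allowedOrigins: "https://web.user.tc.com"
            allowedMethods: [GET, POST, PUT, DELETE, OPTIONS]
            allowedHeaders: [Origin, Content-Type, Accept, X-Requested-With]
            maxAge: 3600
      # Strip Origin before proxying so a downstream service without any
      # CORS configuration does not treat the forwarded request as a
      # cross-origin request and reject it.
      # Applies to routes defined in YAML; per the answer, routes built
      # with the Java API need the filter added on each route.
      default-filters:
        - RemoveRequestHeader=Origin
      routes:
        - id: user-service                       # hypothetical route id
          uri: http://user-service.internal:8080 # hypothetical downstream
          predicates:
            - Path=/server/user/**               # matches the path in the question
```

With `Origin` stripped, downstream services no longer apply any CORS check of their own, so the gateway's allowed-origin list is the only one in effect; listing the front-end origin explicitly is narrower than the `*` shown in the question.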