roginluo 2021-10-11 20:40 采纳率: 0%
浏览 107

Vue + Axios +Spring Cloud Gateway Cors

我使用Axios请求基于Spring Cloud Gateway的服务,出现了被block的问题:

Access to XMLHttpRequest at 'http://localhost:9443/usc-merchant/ticket/ticketKind/listPage?orders%5B0%5D.asc=false&orders%5B0%5D.column=create_time' from origin 'http://localhost:8081' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

img

正常情况下是服务端没有prefight请求,但实际上是有prefight的请求的

请求网址: http://localhost:9443/usc-merchant/ticket/ticketKind/listPage?orders%5B0%5D.asc=false&orders%5B0%5D.column=create_time
请求方法: OPTIONS
状态代码: 200 OK
远程地址: [::1]:9443
引荐来源网址政策: strict-origin-when-cross-origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: user
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT
Access-Control-Allow-Origin: http://localhost:8081
Access-Control-Max-Age: 3600
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
Expires: 0
Pragma: no-cache
Referrer-Policy: no-referrer
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Access-Control-Request-Headers: user
Access-Control-Request-Method: GET
Connection: keep-alive
Host: localhost:9443
Origin: http://localhost:8081
Referer: http://localhost:8081/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
orders[0].asc: false
orders[0].column: create_time

img


我的spring cloud gateway配置如下:

spring:
  cloud:
    gateway:
      globalcors:
        cors-configurations:
          '[/**]':
            allowedOrigins: "*"
            allowedHeaders: "*"
            allowCredentials: true
            maxAge: 3600
            allowedMethods:
              - GET
              - POST
              - OPTIONS
              - PUT

可以看到服务端已经提供了
Access-Control-Allow-Origin: http://localhost:8081
但是浏览器任然出现以下错误:

A cross-origin resource sharing (CORS) request was blocked because of invalid or missing response headers of the request or the associated preflight request.

To fix this issue, ensure the response to the CORS request and/or the associated preflight request are not missing headers and use valid header values.

Note that if an opaque response is sufficient, the request's mode can be set to no-cors to fetch the resource with CORS disabled; that way CORS headers are not required but the response content is inaccessible (opaque).

受影响的资源

1项请求

| 请求 | 状态 | 预检请求(如果出现问题) | 标头 | 问题 | 无效值(若有) |
| ------------------------------------------------------------ | ------ | ------------------------ | --------------------------- | -------- | -------------- |
| listPage?orders%5B0%5D.asc=false&orders%5B0%5D.column=create_time | 已屏蔽 | | Access-Control-Allow-Origin | 缺少标头 | |

  • 了解详情:跨域资源共享 (CORS)

img

  • 写回答

1条回答 默认 最新

报告相同问题?

问题事件

  • 创建了问题 10月11日

悬赏问题

  • ¥30 深度学习,前后端连接
  • ¥15 孟德尔随机化结果不一致
  • ¥15 apm2.8飞控罗盘bad health,加速度计校准失败
  • ¥15 求解O-S方程的特征值问题给出边界层布拉休斯平行流的中性曲线
  • ¥15 谁有desed数据集呀
  • ¥20 手写数字识别运行c仿真时,程序报错错误代码sim211-100
  • ¥15 关于#hadoop#的问题
  • ¥15 (标签-Python|关键词-socket)
  • ¥15 keil里为什么main.c定义的函数在it.c调用不了
  • ¥50 切换TabTip键盘的输入法