renren-fast在io.renren.config.CorsConfig中配置了跨域请求的处理配置类
@Configuration
public class CorsConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOriginPatterns("*")
.allowCredentials(true)
.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
.maxAge(3600);
}
}
但是配置了gateway网关之后,这部分跨域设置是不生效的。
此跨域设置应该是直接访问到服务时,才会生效,也就是
浏览器——》发送预检请求给服务如localhost:8000——服务检测到跨域请求,根据如上代码的配置处理请求并响应——》浏览器收到服务允许跨域,发送真正请求
但设置了网关后,如果网关没有配置跨域
浏览器——》发送预检请求到网关——》网关没有配置跨域,不允许跨域请求——》服务器不发送真正请求
在配置了网关的跨域后
@Bean
public CorsWebFilter corsWebFilter(){
UrlBasedCorsConfigurationSource source=new UrlBasedCorsConfigurationSource();
CorsConfiguration configuration=new CorsConfiguration();
//1 配置跨域
configuration.addAllowedHeader("*");
configuration.addAllowedMethod("*");
configuration.addAllowedOriginPattern("*");
configuration.setAllowCredentials(true);
source.registerCorsConfiguration("/**",configuration);
return new CorsWebFilter(source);
}
就成了
浏览器——》发送预检请求到网关——》网关配置跨域,filter处理请求头,增加允许跨域部分——》服务发现跨域,处理允许跨域部分——》返回浏览器,
此时就会发生响应头被重复配置了两次的问题,响应头如下
Access-Control-Allow-Credentials: true
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:8001
Access-Control-Allow-Origin: http://localhost:8001
Content-Type: application/json
Date: Wed, 09 Nov 2022 03:16:40 GMT
transfer-encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
报错如下
:8001/#/login:1
Access to XMLHttpRequest at 'http://localhost:88/api/sys/login' from origin 'http://localhost:8001' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:8001, http://localhost:8001', but only one is allowed.
所以在使用网关时,所有服务不应自己配置跨域设置