谷粒商城实战笔记-跨域问题

Java追光着2024-07-23 11:27

一,When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.

1,错误信息

clike 复制代码 
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
	at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473) ~[spring-web-5.3.23.jar:5.3.23]
	Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
Error has been observed at the following site(s):
	*__checkpoint ⇢ org.springframework.cloud.gateway.filter.WeightCalculatorWebFilter [DefaultWebFilterChain]
	*__checkpoint ⇢ HTTP OPTIONS "/api/sys/login" [ExceptionHandlingWebHandler]
Original Stack Trace:
		at org.springframework.web.cors.CorsConfiguration.validateAllowCredentials(CorsConfiguration.java:473) ~[spring-web-5.3.23.jar:5.3.23]
		at org.springframework.web.cors.CorsConfiguration.checkOrigin(CorsConfiguration.java:577) ~[spring-web-5.3.23.jar:5.3.23]
		at org.springframework.web.cors.reactive.DefaultCorsProcessor.checkOrigin(DefaultCorsProcessor.java:172) ~[spring-web-5.3.23.jar:5.3.23]
		at org.springframework.web.cors.reactive.DefaultCorsProcessor.handleInternal(DefaultCorsProcessor.java:117) ~[spring-web-5.3.23.jar:5.3.23]
		at org.springframework.web.cors.reactive.DefaultCorsProcessor.process(DefaultCorsProcessor.java:96) ~[spring-web-5.3.23.jar:5.3.23]
		at org.springframework.web.cors.reactive.CorsWebFilter.filter(CorsWebFilter.java:79) ~[spring-web-5.3.23.jar:5.3.23]
		at org.springframework.web.server.handler.DefaultWebFilterChain.invokeFilter(DefaultWebFilterChain.java:127) ~[spring-web-5.3.23.jar:5.3.23]
		at org.springframework.web.server.handler.DefaultWebFilterChain.lambda$filter$0(DefaultWebFilterChain.java:121) ~[spring-web-5.3.23.jar:5.3.23]
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:44) ~[reactor-core-3.4.24.jar:3.4.24]
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64) ~[reactor-core-3.4.24.jar:3.4.24]
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52) ~[reactor-core-3.4.24.jar:3.4.24]
		at reactor.core.publisher.Mono.subscribe(Mono.java:4455) ~[reactor-core-3.4.24.jar:3.4.24]
		at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.subscribeNext(MonoIgnoreThen.java:263) ~[reactor-core-3.4.24.jar:3.4.24]
		at reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:51) ~[reactor-core-3.4.24.jar:3.4.24]
		at reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64) ~[reactor-core-3.4.24.jar:3.4.24]
		at reactor.core.publisher.MonoDeferContextual.subscribe(MonoDeferContextual.java:55) ~[reactor-core-3.4.24.jar:3.4.24]
		at reactor.netty.http.server.HttpServer$HttpServerHandle.onStateChange(HttpServer.java:993) ~[reactor-netty-http-1.0.24.jar:1.0.24]
		at reactor.netty.ReactorNetty$CompositeConnectionObserver.onStateChange(ReactorNetty.java:677) ~[reactor-netty-core-1.0.24.jar:1.0.24]
		at reactor.netty.transport.ServerTransport$ChildObserver.onStateChange(ServerTransport.java:477) ~[reactor-netty-core-1.0.24.jar:1.0.24]
		at reactor.netty.http.server.HttpServerOperations.onInboundNext(HttpServerOperations.java:573) ~[reactor-netty-http-1.0.24.jar:1.0.24]
		at reactor.netty.channel.ChannelOperationsHandler.channelRead(ChannelOperationsHandler.java:113) ~[reactor-netty-core-1.0.24.jar:1.0.24]
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at reactor.netty.http.server.HttpTrafficHandler.channelRead(HttpTrafficHandler.java:220) ~[reactor-netty-http-1.0.24.jar:1.0.24]
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:336) ~[netty-codec-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:308) ~[netty-codec-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[netty-transport-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[netty-common-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.84.Final.jar:4.1.84.Final]
		at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.1.84.Final.jar:4.1.84.Final]
		at java.base/java.lang.Thread.run(Thread.java:842) ~[na:na]

2024-07-22 17:07:53.302 ERROR 4804 --- [ctor-http-nio-2] a.w.r.e.AbstractErrorWebExceptionHandler : [ca4ea7bb-2]  500 Server Error for HTTP OPTIONS "/api/sys/login"

2,问题原因:

SpringBoot升级2.4.0+之后,跨域配置中的.allowedOrigins不再可用

3, 解决办法:

将配置中的.allowedOrigins替换成.allowedOriginPatterns即可。

二,Access to XMLHttpRequest at 'http://localhost:88/api/sys/login' from origin 'http://localhost:8001' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:8001, http://localhost:8001', but only one is allowed.

这个错误的原因是在网关和后台服务都配置了允许跨域。

导致正式发送请求时有两个相同的header头,配置重复。

该错误信息指出,XMLHttpRequest 请求从 http://localhost:8001 发起到 http://localhost:88/api/sys/login 的跨域请求时,被CORS策略阻止。具体的问题在于 Access-Control-Allow-Origin 响应头包含了多个值 'http://localhost:8001,http://localhost:8001',但是CORS规范要求这个头部只能包含一个值。

这种错误通常是由以下情况引起的:

重复设置响应头

  • 在后端服务或网关中,可能有两个地方设置了 Access-Control-Allow-Origin 头部,或者在处理请求的过程中,多次调用了添加响应头的方法,导致该头部被重复设置。例如,在Spring框架中,可能在过滤器(Filter)和拦截器(Interceptor)中都进行了设置。

解决方案

要解决这个问题,你需要检查并修正以下几点:

  1. 检查CORS配置
    • 确保在你的网关和后端服务中,Access-Control-Allow-Origin 头部只在一个地方被正确设置,而且没有重复的代码块。

去掉后台服务的跨域配置就可以了。

相关推荐
魔都大虾1 小时前
旧时光里面有那些情话句子 什么比较热门
笔记
Java成神之路-1 小时前
【算法刷题笔记】全题型导航目录
笔记·算法
zhangrelay1 小时前
云课实践速通系列-基础篇汇总-必修-通识基础和专业基础-2026--工科--自动化、电气、机器人、测控等
linux·笔记·单片机·学习·ubuntu·机器人·自动化
05候补工程师1 小时前
【编译原理】自顶向下语法分析深度解析:从 LL(1) 文法判定、改写到预测分析表
经验分享·笔记·考研·自然语言处理
ErizJ3 小时前
Linux|学习笔记
linux·笔记·学习
wanghanjiett3 小时前
笔记:ESP32驱动SimpleFOC成功(基于Espressif-IDE)
笔记·esp32·foc
大邳草民4 小时前
Python 爬虫:从 HTTP 请求到接口分析
笔记·爬虫·python
南湖渔歌4 小时前
【成功实践版】workbuddy_把多张图片转成完整Markdown笔记
人工智能·笔记·workbuddy
想成为优秀工程师的爸爸5 小时前
车载以太网之要火系列 - 第33篇:郭大侠学UDS(10服务)- 桃花岛内规矩多,模式切换要会说
网络·笔记·网络协议·信息与通信·车载以太网
智者知已应修善业5 小时前
【51单片机从奇数始再转偶数逐一点亮并循环】2023-9-8
c++·经验分享·笔记·算法·51单片机
热门推荐
01要裂开了!ChatGPT要手机号验证了?注册Codex要求验证电话号码怎么办?2026年登陆Codex要手机号验证的解决办法02GitHub 镜像站点03Codex 接入 DeepSeek API 完整配置文档04零基础教你claude code 接入 deepseek V405【AI】2026 年具身智能模型和世界模型总结062026年AI前瞻:量子AI、具身智能与科学发现的新纪元07裂开!ChatGPT 居然开始要手机号验证,附详细解决方法08几个好用的ip纯净度检测网站09CC-Switch & Claude 基于 Linux 服务器安装使用指南10VSCode + Copilot下:配置并使用 DeepSeek