Spring boot Cors跨域异常：When allowCredentials is true, allowedOrigins cannot contain the special value

码农世界 2024-06-14 后端 103 次浏览 0个评论

When allowCredentials is true, allowedOrigins cannot contain thespecial value "*"since that cannot be set on the “Access-Control-Allow-Origin” response header. To allow credentials to

a set of origins, list them explicitly or consider using “allowedOriginPatterns” instead.

问题：

出现该问题是跨域问题，当allowCredentials为true时，allowingOrigins不能包含特殊值“ *”，因为无法在“ Access-Control-Allow-Origin”响应标头上设置。

解决：

将allowingOrigins换成allowedOriginPatterns即可。

修改前：

@Configuration
public class ConfigCors implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("*")
                .allowedMethods("GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "TRACE")
                .maxAge(180000)
                .allowedHeaders("*")
                .allowCredentials(true);
    }
}

修改后：

@Configuration
public class ConfigCors implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOriginPatterns("*")
                .allowedMethods("GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "TRACE")
                .maxAge(180000)
                .allowedHeaders("*")
                .allowCredentials(true);
    }
}