问题
Access to XMLHttpRequest at ‘http://B/path/a’ from origin ‘http://A’ has been blocked by CORS policy: Request header field AC-User-Agent is not allowed by Access-Control-Allow-Headers in preflight response.
产生原因
前后端分离项目,由于老版本项目没有接入网关和微服务,因此需要通过域名加接口地址的方式来直接访问,因此出现以下情况:
网站主域名是A,老接口服务的域名是B。
在调用老接口服务时,要求前端在header里必须加上AC-User-Agent字段,用于实现老接口业务
在这种情况下,前端在A网站上调用B,由此产生上述问题
解决方法
由于是跨域调用B接口时,未允许使用请求头AC-User-Agent(Request header field AC-User-Agent is not allowed by Access-Control-Allow-Headers),因此需要在B的Java代码里面新建一个过滤器,在过滤器中设置AC-User-Agent为合法请求头
@WebFilter("/*")
public class CorsFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse resp = (HttpServletResponse) servletResponse;
HttpServletRequest req = (HttpServletRequest) servletRequest;
String origin = req.getHeader("Origin");
resp.setHeader("Access-Control-Allow-Origin", origin);
resp.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
resp.setHeader("Access-Control-Allow-Headers", "AC-User-Agent, token, content-type");
resp.setHeader("Access-Control-Allow-Credentials", "true");
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
更多推荐
解决Request header field XXX is not allowed by access-control-allow-headers in pre
发布评论