When allowCredentials is true, allowedOrigins cannot contain the special value “*“ since that cannot

springboot + html 项目
后端启动项目之后,前端页面访问,前端页面500,后端报错,核心报错内容如下:

2021-09-14 17:48:49.275  INFO 14196 --- [nio-9000-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2021-09-14 17:48:49.276  INFO 14196 --- [nio-9000-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2021-09-14 17:48:49.277  INFO 14196 --- [nio-9000-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
2021-09-14 17:48:49.296 ERROR 14196 --- [nio-9000-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet]   
 : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed;
  nested exception is java.lang.IllegalArgumentException: 
  When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. 
  To allow credentials to a set of origins, 
  list them explicitly or consider using "allowedOriginPatterns" instead.] with root cause

原因在于 WebMvcConfig 类中 使用了 .allowedOrigins("") ,旭替换为 .allowedOriginPatterns("")。
解决方案如下:

原代码如下:

package com.yx.common;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;


/**
 * 解决跨域访问的配置
 */
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
       registry.addMapping("/**")
                .allowCredentials(true)
                .allowedHeaders("Access-Control-Request-Method","Access-Control-Request-Headers","token","Content-Type","X-Requested-With","accept,Origin")
                .allowedMethods("*")
                .allowedOriginPatterns("*");
    }
}

修改后码如下:

package com.yx.common;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;


/**
 * 解决跨域访问的配置
 */
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
			registry.addMapping("/**")
                .allowCredentials(true)
                .allowedHeaders("Access-Control-Request-Method","Access-Control-Request-Headers","token","Content-Type","X-Requested-With","accept,Origin")
//                .allowedMethods("*")
                .allowedOrigins("*")
                .allowedOriginPatterns("*");
    }
}

上一篇:Android应用程序资源的查找过程分析


下一篇:“Usage of API documented as @since 1.8+”报错的解决办法