更新时间:2022-05-20 22:38:20
从前端代码中的HttpHeaders
中删除Access-Control-Allow-Methods
和Access-Control-Allow-Headers
.这些标头应该从服务器作为 response 标头发送(这是您在CORSResponseFilter
中所做的事情).
Remove the Access-Control-Allow-Methods
and the Access-Control-Allow-Headers
from the HttpHeaders
in the frontend code. These headers are supposed be sent as response headers from the server (which is what you are doing in your CORSResponseFilter
).
无法加载 http://localhost:8080/请求标头字段Access-Control-Allow-Methods为飞行前响应中Access-Control-Allow-Headers不允许
Failed to load http://localhost:8080/ Request header field Access-Control-Allow-Methods is not allowed by Access-Control-Allow-Headers in preflight response
此错误的意思是服务器响应标头Access-Control-Allow-Headers
在标头值中不包含Access-Control-Allow-Methods
(不应该). Access-Control-Allow-Headers
的目的是告诉浏览器允许客户端将哪些请求标头发送到服务器.您可以在CORSResponseFilter
中看到允许的标题. Access-Control-Allow-Methods
不是其中之一.
What this error is saying is that the server response header Access-Control-Allow-Headers
doesn't include Access-Control-Allow-Methods
in the header value (which is shouldn't). The purpose of the Access-Control-Allow-Headers
is to tell the browser which request headers the client is allowed to send to the server. You can see in the CORSResponseFilter
which headers you allow. Access-Control-Allow-Methods
is not one of them.
在使用它的同时,您也可以删除Access-Control-Allow-Headers
响应标头中的所有Access-Control-XX-XX
值.这些不是必需的.您是说客户端可以发送这些请求标头,而这是不应该的.
And while your at it, you might as well remove all the Access-Control-XX-XX
values in the Access-Control-Allow-Headers
response header. These are not required. You are saying that client can send these request headers, which it shouldn't be doing.
另请参见: