从前端代码中的HttpHeaders中删除Access-Control-Allow-Methods和Access-Control-Allow-Headers.这些标头应该从服务器作为 response 标头发送(这是您在CORSResponseFilter中所做的事情).

Remove the Access-Control-Allow-Methods and the Access-Control-Allow-Headers from the HttpHeaders in the frontend code. These headers are supposed be sent as response headers from the server (which is what you are doing in your CORSResponseFilter).

无法加载 http://localhost:8080/请求标头字段Access-Control-Allow-Methods为飞行前响应中Access-Control-Allow-Headers不允许

Failed to load http://localhost:8080/ Request header field Access-Control-Allow-Methods is not allowed by Access-Control-Allow-Headers in preflight response

此错误的意思是服务器响应标头Access-Control-Allow-Headers在标头值中不包含Access-Control-Allow-Methods(不应该). Access-Control-Allow-Headers的目的是告诉浏览器允许客户端将哪些请求标头发送到服务器.您可以在CORSResponseFilter中看到允许的标题. Access-Control-Allow-Methods不是其中之一.

What this error is saying is that the server response header Access-Control-Allow-Headers doesn't include Access-Control-Allow-Methods in the header value (which is shouldn't). The purpose of the Access-Control-Allow-Headers is to tell the browser which request headers the client is allowed to send to the server. You can see in the CORSResponseFilter which headers you allow. Access-Control-Allow-Methods is not one of them.

在使用它的同时，您也可以删除Access-Control-Allow-Headers响应标头中的所有Access-Control-XX-XX值.这些不是必需的.您是说客户端可以发送这些请求标头，而这是不应该的.

And while your at it, you might as well remove all the Access-Control-XX-XX values in the Access-Control-Allow-Headers response header. These are not required. You are saying that client can send these request headers, which it shouldn't be doing.

另请参见:

• 查看此答案中的更新，以获取有关这些标头如何工作的良好解释(如果您有兴趣的话).

• Check out the update in this answer for a good explanation about how these headers work (if you are interested).