您的位置: 首页  >  技术问答  >  CORS失败,但存在CORS头文件,错误:缓存控制不允许通过预检响应中的Access-Control-Allow-Headers

CORS失败,但存在CORS头文件,错误:缓存控制不允许通过预检响应中的Access-Control-Allow-Headers

分类: 技术问答 2022-09-03 20:17:38
问题描述:

在尝试将请求发送到Chrome时,我在Chrome的开发板中收到两个错误我的春天回来了。我已经建立了一个CORS servlet过滤器来添加标题。我得到的错误是:CORS失败,但存在CORS头文件,错误:缓存控制不允许通过预检响应中的Access-Control-Allow-Headers

main.7851a9cd.js:1 Error during service worker registration: 
DOMException: Only secure origins are allowed (see: tinyUrl removed). 
(anonymous) @ main.7851a9cd.js:1 
Promise rejected (async) 
o @ main.7851a9cd.js:1 
(anonymous) @ main.7851a9cd.js:1 
/#/join:1 Failed to load http://ec2-54-148-176-27.us-west- 
2.compute.amazonaws.com:8282/register_by_email: Request header field 
Cache-Control is not allowed by Access-Control-Allow-Headers in 
preflight response.

我的过滤器:

@Override 
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { 
    log.debug("CORSFilter.doFilter()"); 
    HttpServletResponse response = (HttpServletResponse) servletResponse; 
    DataOutputStream dos = new DataOutputStream(response.getOutputStream()); 
    int len = dos.size(); 
    HttpServletRequest request= (HttpServletRequest) servletRequest; 

    response.setHeader("Access-Control-Allow-Origin", "*"); 
    response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS"); 
    response.setHeader("Access-Control-Allow-Headers", "*"); 
    response.setHeader("Access-Control-Allow-Credentials", "true"); 
    response.setHeader("Access-Control-Max-Age", "180"); 
    response.setHeader("Content-Type", "application/json"); 
    response.setHeader("Content-Length", ""+len); 
    filterChain.doFilter(servletRequest, servletResponse); 
}

的开发板: enter image description here

Access-Control-Allow-Headers: *尚不支持。 https://crbug.com/615313

+0

谢谢,我删除了那个,但仍然得到Request-header字段Cache-Control在预检响应中不被Access-Control-Allow-Headers所允许。我看到一个Cache-Control头,但它必须在spring中添加,不是在我的cors过滤器中。 –

一些试验和错误后,我能得到它通过将所有我在请求访问控制允许报头头在响应看到头的工作:

@Override 
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { 
    log.debug("CORSFilter.doFilter() --"); 
    HttpServletResponse response = (HttpServletResponse) servletResponse; 
    response.setHeader("Access-Control-Allow-Origin", "*"); 
    response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS"); 
    response.setHeader("Access-Control-Max-Age", "180"); 
    response.setHeader("Content-Type", "application/json"); 
    response.setHeader("Access-Control-Allow-Headers", "User-Agent,Referer,Origin,Host,Connection,Access-Control-Request-Method,Access-Control-Request-Headers,Cache-Control,Origin,X-Requested-With,Content-Type,Accept,Accept-Encoding,Accept-Language"); 
    filterChain.doFilter(servletRequest, servletResponse); 
}

相关推荐