本文介绍了使用Content-Type:application / json时,对Activiti REST API的POST请求会导致CORS问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用AngularJS来使用Activit REST资源。所有GET操作都按预期工作,但是当我尝试使用Content-Type:application / json POST到/ runtime / process-instances时,它在预检上失败了。如您所见,响应头中没有Access-Control-Allow-Origin。

I'm using AngularJS to consume Activit REST resources. All GET operations works as expected but, when I try to POST to /runtime/process-instances with Content-Type:application/json, it fails on the preflight. As you can see, there's no 'Access-Control-Allow-Origin' in the response header.

当我将Content-Type更改为application / x-www-form-urlencoded; charset = utf-8时,例如,'Access-Control-Allow-Origin'出现在响应头中,但据我们所知,我的POST赢了因为API期望它有一个内容类型:application / json

When I change the Content-Type to application/x-www-form-urlencoded;charset=utf-8, for example, the 'Access-Control-Allow-Origin' comes in the response header but as we know, my POST won't work as API expects it to have a content-type:application/json

我怎样才能得到围绕这个问题?

How can I get around the issue?

感谢任何输入!

推荐答案

自Activiti以来5.17,Activiti使用Spring Security来保护REST-API。如果您发送在Tomcat CORS-Configuration中的allowed-headers字段中传播的标头,则只会触发Tomcat CORS-Filter。我没有成功地在每个请求上触发CORS过滤器。因此,我这样做了:

Since Activiti 5.17, Activiti uses Spring Security to protect the REST-APIs. The Tomcat CORS-Filter only gets triggered if you send headers propagated in the allowed-headers field in the Tomcat CORS-Configuration. I did not succeed in triggering the CORS-filter on every request. Therefore, I did it this way:


  1. 编写自己的CORS-Filter

  1. Write your own CORS-Filter

公共类CorsFilter扩展OncePerRequestFilter {

public class CorsFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {

        response.setHeader("Access-Control-Allow-Origin", "*");
        if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
            response.setHeader("Access-Control-Allow-Headers", "accept, x-requested-with, Content-Type, Accept-Language, Accept-Encoding ,Origin, Access-Control-Request-Method ,Access-Control-Request-Headers, Last-Modified, Cookie, Referer");
            response.setHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Origin,Accept-Ranges,Content-Encoding,Content-Length,Content-Range");
            response.setHeader("Access-Control-Max-Age", "100");
        }

        filterChain.doFilter(request, response);
    }

}


  • 添加过滤器activiti-rest-webapp2中的Spring配置:

  • Add the filter in the Spring Configuration in the activiti-rest-webapp2:

    http.addFilterBefore(new CorsFilter (),ChannelProcessingFilter.class)

    .antMatchers(HttpMethod.OPTIONS,/ **)。 permitAll()

    需要在没有spring认证的情况下传递选项请求,否则CORS预检请求将失败。

    The options requests need to be passed without spring authentication because otherwise, the CORS preflight requests will fail.

    如果你这样做,Activiti会在你发出的每个请求中添加Access-Control-Allow-Origin。

    If you do it this way, Activiti will add the Access-Control-Allow-Origin on every request you make.

    最好的问候
    Ben

    Best regardsBen

    这篇关于使用Content-Type:application / json时,对Activiti REST API的POST请求会导致CORS问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

  • 08-27 20:50
    查看更多