问题描述
我正在开发一个同时使用 REST 端点和 SockJS websocket 的服务器应用程序.这曾经在 Spring 5.2 及更低版本下运行良好.
I'm working on a server application which uses both REST endpoints and a SockJS websocket. This used to work fine under Spring 5.2 and below.
但是,自 5.3 发布以来,org.springframework.web.cors.CorsConfiguration
中存在以下方法:
However, since the 5.3 release, the following method exists within org.springframework.web.cors.CorsConfiguration
:
public void validateAllowCredentials() {
if (this.allowCredentials == Boolean.TRUE &&
this.allowedOrigins != null && this.allowedOrigins.contains(ALL)) {
throw new IllegalArgumentException(
"When allowCredentials is true, allowedOrigins cannot contain the special value \"*\"" +
"since that cannot be set on the \"Access-Control-Allow-Origin\" response header. " +
"To allow credentials to a set of origins, list them explicitly " +
"or consider using \"allowedOriginPatterns\" instead.");
}
}
到目前为止,我的套接字配置如下:
So far, my socket was configured like this:
@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfiguration implements WebSocketMessageBrokerConfigurer {
@Override
public void configureMessageBroker(MessageBrokerRegistry config) {
// prefix for the client to send messages to the server
config.setApplicationDestinationPrefixes("/app");
// prefix for the client to receive broadcasted messages from the server
config.enableSimpleBroker("/topic");
}
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
// defines the url of the socket so the client can connect to it
registry.addEndpoint("/socketendpoint").setAllowedOrigins("*").withSockJS();
}
}
现在我面临一个真正的问题:
Now I'm facing a real issue:
- 如果我将
setAllowedOrigins("*")
保留在WebSocketConfiguration
中,那么我将面临validateAllowCredentials
中抛出的错误. - 如果我删除
setAllowedOrigins("*")
,那么 SockJS 客户端将收到WebSocket 握手期间的错误:意外响应代码:403
.立>
- If I keep the
setAllowedOrigins("*")
in theWebSocketConfiguration
, then I will face the error thrown invalidateAllowCredentials
. - If I remove the
setAllowedOrigins("*")
, then the SockJS clients will recieve anError during WebSocket handshake: Unexpected response code: 403
.
我在编译时不知道原始域.
I don't know the origin domain at compile time.
我已经尝试过使用典型的将您在请求中找到的 origin
标头作为 allow-origin
"返回的 Cors 过滤器和 Cors 配置;通常用于规避 allow-origin: "*"
的模式,但某些 SockJS 请求没有分配 origin
标头...
I already tried a Cors Filter and a Cors Configuration that use the typical "return the origin
header you find in the request as allow-origin
" pattern that is usually used to circumvent the allow-origin: "*"
, but some SockJS requests don't have an origin
header assigned...
我该如何解决这个问题?
How do I fix this?
推荐答案
为了将来参考,随着最新的 spring 更新,现在有一个方法 setAllowedOriginPatterns
可以解决这个问题:
For future reference, with the latest spring updates, there's now a method setAllowedOriginPatterns
that solves this:
registry.addEndpoint("/socketendpoint").setAllowedOriginPatterns("*").withSockJS();
这篇关于如何在 Spring 5.3 及更高版本中使用 Stomp 和 SockJS 处理 CORS 起源?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!