问题描述

我将 WSO2is 5.7.0 与我的 angular 6 应用程序一起使用，我尝试从我的应用程序进行 api 调用，但我有一个 cors 错误:Cross-Origin Request Blocked: The Same Origin Policy disallows read the remote resource at

I use WSO2is 5.7.0 with my angular 6 app, i tried make api call from my app but i have a cors error: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at

我已经激活了在 oauth 和 authenticationendpoint 中启用的 cors，我用以下几行编辑了两个 web 应用程序的 WEB-INF/web.xml:

I already activated the cors enabled in oauth and authenticationendpoint, i edited de WEB-INF/web.xml of both webapps with this lines:

<filter>
        <filter-name>CORS</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>

        <init-param>
                <param-name>cors.allowOrigin</param-name>
                <param-value>*</param-value>
        </init-param>
</filter>
<filter-mapping>
  <filter-name>CORS</filter-name>
  <url-pattern>*</url-pattern>
</filter-mapping>

在 authenticationendpoint 中，我将 cors 库从 oauth 复制到 lib 文件夹中的 authenticationendpoint webapps 并使用以下行编辑 pom.xml 文件:

In authenticationendpoint i copy the cors libraries from oauth to authenticationendpoint webapps in lib folder and edited the pom.xml file with this lines:

<dependency>
            <groupId>com.thetransactioncompany.wso2</groupId>
            <artifactId>cors-filter</artifactId>
            <version>1.7.0.wso2v1</version>
</dependency>

这之后，重启服务，我也有同样的问题Cross-Origin Request Blocked

After this, restart the service, i and have the same problem Cross-Origin Request Blocked

在我的 Angular 应用服务中，我提出如下请求:

in my angular app service i make the request as follow:

const httpHeaders = {
            headers: new HttpHeaders()
                .set('Content-Type', 'application/x-www-form-urlencoded')
                .set('Access-Control-Allow-Origin', '*')
        };

this.http.post<any>(`http://localhost:9443/commonauth`, payload, httpHeaders)

我认为必须从 tomcat 启用 cors 支持，但我不知道该怎么做，除了启用 cors 之外，我还有哪些其他选择?

i think is neccesary enable cors support from tomcat but i don't know how do that, What other alternatives do I have besides enabling cors?

我的来源:

https://docs.wso2.com/display/IS570/Invoking+an+Endpoint+from+a+Different+Domainhttps://hasanthipurnima.blogspot.com/2016/05/applying-cors-filter-to-wso2-identity.html

推荐答案

您尝试调用的端点已在 Identity Server 中注册为 servlet，您需要在 repository/conf 中配置 web.xml 文件/tomcat/carbon/WEB-INF/ 将标头应用到您的端点.

The endpoint you are trying to invoke is registered as a servlet inside the Identity Server and you need to configure the web.xml file in repository/conf/tomcat/carbon/WEB-INF/ to apply the headers to your endpoint.

您可以将 org.apache.catalina.filters.CorsFilter 添加到上述文件中以允许所需的域.更多信息可以从 tomcat 文档 中找到.示例配置如下所示.

You can add the org.apache.catalina.filters.CorsFilter to the above-mentioned file to allow the required domains. More info can be found from tomcat documentation. Sample config would look like below.

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>https://www.somedomain.com</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/commonauth</url-pattern>
</filter-mapping>