无法将POST请求发送到Spring Resource服务器

本文介绍了无法将POST请求发送到Spring Resource服务器的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我有一个Spring Boot ResourceServer和一个React客户端应用程序.我正在尝试向服务器端点之一(具有@CrossOrigin注释btw.)发送POST请求，但是，我在控制台中收到此错误:

I have a Spring Boot ResourceServer, and a React client application. I am trying to send a POST request to one of the server endpoints (which has the @CrossOrigin annotation btw.), however, I am getting this error in the console:

在以下位置的 localhost:8080/api/search 处访问XMLHttpRequest 来源' localhost:3000 '已被CORS政策阻止: 对预检请求的响应未通过访问控制检查: 没有HTTP正常状态.

Access to XMLHttpRequest at 'localhost:8080/api/search' from origin 'localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

预检请求返回401 Http状态，我不知道为什么.

The preflight request returns a 401 Http status, and I don't know why.

预检请求的响应标头如下所示:

The response headers for the preflight request look like this:

Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: content-type Access-Control-Allow-Methods: POST Access-Control-Allow-Origin: localhost:3000 Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Sun, 20 Oct 2019 17:23:54 GMT Expires: 0 Pragma: no-cache Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers WWW-Authenticate: Basic realm="Realm" X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block

我的飞行前请求标头看起来像这样:

My preflight request headers look like this:

Access-Control-Request-Headers: content-type Access-Control-Request-Method: POST Origin: localhost:3000 Referer: localhost:3000/movie-search Sec-Fetch-Mode: no-cors User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36

我正在使用Axios发送请求(如果很重要).有人知道这是怎么回事吗?

I am using Axios to send the request (if that matters). Anyone knows what's going on here?

推荐答案

哇...我的HTTPSecurity配置看起来像这样:

Whoops...my HTTPSecurity config looked like this:

http .authorizeRequests() .antMatchers(HTTPMethod.POST, "/api/search").permitAll() .anyRequest().authenticated() .and().httpBasic()

代替此:

http .authorizeRequests() .antMatchers("/api/search").permitAll() .anyRequest().authenticated() .and().httpBasic()