解决Request header field XXX is not allowed by access-control-allow-headers in preflight response

原创 已于 2022-08-24 13:11:42 修改 · 1w 阅读 ·
本内容遵循CC 4.0 BY-SA版权协议
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
cknow-ai 涝山道士

cknow-ai 关注

标签
#java #开发语言
分类 计算机网络
于 2022-08-24 11:59:27 首次发布
本文介绍了在前后端分离项目中,因老接口需AC-User-Agent头而引发的跨域问题,展示了如何通过添加CORS过滤器在B.com服务器上配置Access-Control-Allow-Headers来解决此问题。

问题

Access to XMLHttpRequest at ‘http://B.com/path/a’ from origin ‘http://A.com’ has been blocked by CORS policy: Request header field AC-User-Agent is not allowed by Access-Control-Allow-Headers in preflight response.

在这里插入图片描述



产生原因

前后端分离项目,由于老版本项目没有接入网关和微服务,因此需要通过域名加接口地址的方式来直接访问,因此出现以下情况:

网站主域名是A.com,老接口服务的域名是B.com。
在调用老接口服务时,要求前端在header里必须加上AC-User-Agent字段,用于实现老接口业务
在这种情况下,前端在A.com网站上调用B.com,由此产生上述问题



解决方法

由于是跨域调用B.com接口时,未允许使用请求头AC-User-Agent(Request header field AC-User-Agent is not allowed by Access-Control-Allow-Headers),因此需要在B.com的Java代码里面新建一个过滤器,在过滤器中设置AC-User-Agent为合法请求头

@WebFilter("/*")
public class CorsFilter implements Filter {

	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
	}

	@Override
	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {

		HttpServletResponse resp = (HttpServletResponse) servletResponse;
		HttpServletRequest req = (HttpServletRequest) servletRequest;

		String origin = req.getHeader("Origin");
		resp.setHeader("Access-Control-Allow-Origin", origin);
		resp.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
		resp.setHeader("Access-Control-Allow-Headers", "AC-User-Agent, token, content-type");
		resp.setHeader("Access-Control-Allow-Credentials", "true");
		filterChain.doFilter(servletRequest, servletResponse);
	}

	@Override
	public void destroy() {
	}
}
点赞 点赞 4
评论 2
书签 书签 8
跨域问题:Request header field token is not allowed by Access-Control-Allow-Headers in preflight response
小筱在线博客
05-23 5476
Access to XMLHttpRequest at 'http://xxxx' from origin 'http://yyyy has been blocked by CORS policy: Request header field token is not allowed by Access-Control-Allow-Headers in preflight response
BUG | authorization is not allowed by Access-Control-Allow-Headers in preflight respo
兀坐晴窗独饮茶
04-25 1602
报错 Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response. 报错原因是 : 携带token令牌发送请求时 会先发送一个预请求, 根据预请求返回的结果判断是否可以发送正式的请求 出错场景 我使用 SpringSecurity + jwt 开发前后端分离的后台管理项目, 前端每次发送请求时需要携带 jwt 生成的身份令牌, 前端在发送正式请求之前会发送预请求
CROS 预检请求 异常解决方法 authorization is not allowed by Access-Control-Allow-Headers in preflight response
Tekin 是深耕技术 20 年的全栈实战派专家,精通 Go/Python/Java 等多语言开发。博客专注技术原理与实战结合,深度解析 Python 高阶编程、Go 语言架构、数据库优化等硬核内容。涵盖并发编程、机器学习、云原生等前沿领域,通过真实案例拆
05-30 1040
CROS 预检请求 异常解决方法 has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
Java Web 跨域设置
qq_37377082的博客
12-03 421
设置全局过滤器 import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * 跨域配置 * @author lijinghua */ @WebFilter(urlPatterns = {"/*"}) public class CorsFilter implements
Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflig问题解决
阿牛哥的博客
10-18 4154
Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflig问题解决
android 加载h5 页面,【安卓】安卓webview加载h5页面接口请求报错
weixin_39912163的博客
05-27 1228
混合开发,华为荣耀V8中安卓webview中接口请求报错:Failed to load http://XXX/API/Login/Password: Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.但是在chrome中访问正常,其他的安卓手...
Request header field token is not allowed by Access-Control-Allow-Headers in preflight response.
harris_lele的博客
02-21 6553
今天遇到一个跨域问题记录学习下: 一、问题 跨域请求 请求头中包含自定义token字段时,浏览器报错。 Request header field token is not allowed by Access-Control-Allow-Headers 二、原因 包含自定义token字段的跨域请求,浏览器会先向服务器发送OPTIONS请求,探测该服务器是否允许自定义的跨域字段。 如果允许,则继续实际的POST/GET正常请求,否则,返回标题所示错误。 OPTIONS请求: Req
Request header field xxx is not allowed by Access-Control-Allow-Headers in preflight respon
MAIMIHO的博客
07-27 906
调试时发现低版本的WebView无法请求跨域接口 请求信息如下: Request Method:OPTIONS Status Code:200 OK Access-Control-Allow-Headers:* Access-Control-Allow-Methods:POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin:* 已经设置了 Access-Control-Allow-Headers:* 但是 WebView 依然报错 Requ
Request header field xxx is not allowed by Access-Control-Allow-Headers in preflight response.
m0_46401243的博客
11-26 374
用前台调第三方接口,提示跨域 后台没有设置相同的请求头参数
ajax请求的重定向处理--Request header field x-requested-with is not allowed by Access-Control-Allow-Header
weixin_44032384的博客
04-15 2805
需求 前端ajax发起请求,在后端接口中重定向,结果报错,无法跳转 前端页面发起调用 后端接口中重定向 控制台报错如下 将ajax访问的接口直接在浏览器地址栏中访问测试,发现请求内容与ajax请求的区别如下图 原因: X-Requested-With: XMLHttpRequest 表示是ajax的异步请求,而ajax的异步请求不能直接重定向,所以需要特殊处理一下 解决方案 前端处理 自己创建redirect.js,文件内容如下 function redirectHan
Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight res
Miss Dan的博客
12-25 6544
一、问题: 跨域请求中包含自定义header字段时,浏览器console报错。 Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response 二、原因: 包含自定义header字段的跨域请求,浏览器会先向服务器发送OPTIONS请求,探测该服务器是...
Request header field * is not allowed by Access-Control-Allow-Headers in preflight response问题解决
热门推荐
古柏树下的博客
06-13 3万+
跨域问题 报错信息为:Failed to load http://localhost:8080/jfly.openapi/produce/listMachFeedingBoard/v1: Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response. ...
Jeecms跨域 Request header field is not allowed by Access-Control-Allow-Headers in preflight response
tabvla的博客
03-17 1311
Jeecms框架,前后端分离二次开发,前端跨域报错Request header field is not allowed by Access-Control-Allow-Headers in preflight response
goLang的一个跨域问题
lianyz
04-13 790
goLang的一个跨域问题问题描述 问题描述 Access to XMLHttpRequest at ‘http://127.0.0.1:8888/base/captcha’ from origin ‘http://127.0.0.1:8080’ has been blocked by CORS policy: Cannot parse Access-Control-Allow-Headers response header field in preflight response. 127.0.0.1:88
Request header field x-requested-with is not allowed by Access-Control-Allow-Headers
zhangwenjie1105的专栏
05-29 1万+
header('Access-Control-Allow-Headers:x-requested-with,content-type'); //响应头 请按照自己需求添加。 https://www.cnblogs.com/cdemo/p/5158663.html
解决Request header field bb is not allowed by Access-Control-Allow-Headers in preflight response.】问题
CSDNwangjinwei的博客
06-06 1218
请求报头字段在响应中不被Access-Control-Allow-Headers允许,导致出现跨域导致。设置请求头,解决跨域问题。
Request header field xxxx is not allowed by Access-Control-Allow-Headers in preflight response问题
weixin_45203607的博客
06-08 4994
这是因为目标服务不允许在请求头中加 x-run-as 这个第一种,前端请时候将请求头中的 x-run-as 这个去掉第二种,后端跨域配置中的请求头中添加这个key
Request header field openUserId is not allowed by Access-Control-Allow-Header跨域问题
u012497072的博客
05-17 2243
将openUserId 加入 response.setHeader(“Access-Control-Allow-Headers”, “token,userId,openUserId,xcm_admin_token,Content-Type,x-requested-with”); 即可 package com.xiaocaimi.repayment.config; import org.sprin...
前端跨域问题
k_happy的博客
04-18 481
前端开发环境运行跨域问题 Cannot parse Access-Control-Allow-Headers response header field in preflight response
前端跨域请求问题
as6231399的博客
12-04 305
前端跨域请求问题 Failed to load Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response header(‘Access-Control-Allow-Headers:x-requested-with,content-type’);...
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值