Springfox 上的 Spring Boot 应用程序用于 swagger-ui PUT 始终“无效的 CORS 请求”

Spring Boot Application on Springfox for swagger-ui PUT always "Invalid CORS Request"

提问人:Bob Kuhar 提问时间:11/11/2023 最后编辑:OlivierBob Kuhar 更新时间:11/18/2023 访问量:70

问:

赏金将于明天到期。这个问题的答案有资格获得 +100 声望赏金。鲍勃·库哈尔(Bob Kuhar)希望引起人们对这个问题的更多关注
我没有成功回答任何相关答案。我认为Spring Security影响是阻塞点,但我不知道如何证明或调试。

我有一个基于 1.5.3.RELEASE 的 Spring Boot 应用程序,它利用了 2.6.1 的 springfox-swagger2 和 2.6.1 的 springfox-swagger-ui。

对于大多数 API 来说,东西都很好。GETs起作用。POST 有效。PUT总是在swagger-ui.html上出错,我可以通过类似...Invalid CORS request

$ curl -i -X PUT 'http://localhost.mycompany.com:8080/mom/749f4f1f-0769-488d-9776-17fc3927cfc6/description?description=WangoTango' \
> -H 'Origin: http://example.com' \
> -H 'Cookie: a.token_key=redacted' \
> -H 'accept: application/json'
HTTP/1.1 403
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: SAMEORIGIN
Content-Length: 20
Date: Sat, 11 Nov 2023 01:42:01 GMT

Invalid CORS request

我的应用程序是使用 CorsConfigurationSource 按 https://docs.spring.io/spring-security/reference/reactive/integrations/cors.html 配置的

/**
 * CORS Configuration lifted from https://docs.spring.io/spring-security/reference/reactive/integrations/cors.html;
 * configure to allow all origins, all methods.
 */
@Configuration
public class CorsConfig {

  @Bean
  CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList("*"));
    configuration.setAllowedMethods(Arrays.asList("*"));
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
  }

在控制器中。.端点也配置了非常宽松的 CrossOrigin 注释......

  @RequestMapping(
      method = RequestMethod.PUT,
      path = "/mom/{verId:.+}/description",
      produces = {"application/json"})
  @CrossOrigin
  @ApiOperation(value = "Set the description")
  @ApiResponses(value = {
          @ApiResponse(code = 200, message = "Success", response = MBom.class),
          @ApiResponse(code = 400, message = "Bad Request", response = String.class),
          @ApiResponse(code = 404, message = "Error", response = String.class)})
  public ResponseEntity<?> setDescription(
      @PathVariable("verId") String verId,
      @RequestParam("description") String description) {
...

Spring Boot 1.5.3.RELEASE应用程序中的神奇配置是什么,可以获取与CORS一起使用的PUT端点?我在 StackOverflow 上对此的任何先前答案都没有成功。

java spring-boot cors swagger-ui

评论

0赞 m-kay 11/17/2023
你有弹簧安全过滤器链配置吗?此外,您的Spring Boot版本已经过时,可能无法与当前的spring-security版本正常工作。

答:

1赞 Anish B. 11/18/2023 #1

尝试传递显式方法名称,例如 ,而不是 inPUTPOST*CorsConfiguration.setAllowedMethods

更新至此:

configuration.setAllowedMethods(Arrays.asList("GET, PUT, POST, PATCH, DELETE"));

看看这是否有效。

0赞 Raw 11/20/2023 #2

这对我有用

@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
    configuration.setAllowCredentials(true);
    // the below three lines will add the relevant CORS response headers
    configuration.addAllowedOrigin("*");
    configuration.addAllowedHeader("*");
    configuration.addAllowedMethod("*");
    UrlBasedCorsConfigurationSource source = new 
    UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

上一个:Spring data neo4j 密码方言并非在任何地方都强制执行

下一个:Java 自定义约束验证器在单元测试中失败,并显示“未设置目标验证器”错误