CORS：AngularJS + Resteasy 3 + Wildfly

Question

我正在使用 AngularJS 和 Resteasy 开发一个应用程序。正如预期的那样，我面临着众所周知的问题

XMLHttpRequest cannot load http://localhost:8080/..... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 403.

正如在其他堆栈溢出帖子[1] 上看到的那样，我尝试从 Feature 对象中使用 Resteasy 的 CorsFilter，但我得到：

[33m02:06:57,883 WARN  [org.jboss.resteasy.core.ExceptionHandler] (default task-1) failed to execute: javax.ws.rs.ForbiddenException: Origin not allowed: http://localhost:3000
    at org.jboss.resteasy.plugins.interceptors.CorsFilter.checkOrigin(CorsFilter.java:194)
    at org.jboss.resteasy.plugins.interceptors.CorsFilter.filter(CorsFilter.java:134)

我的 CorsFeature 对象：

@Provider
public class CorsFeature implements Feature {

    @Override
    public boolean configure(FeatureContext context) {
        CorsFilter corsFilter = new CorsFilter();
        corsFilter.getAllowedOrigins().add("*");
        context.register(corsFilter);
        return true;
    }  
}

在 web.xml 我添加了：

<context-param>
    <param-name>resteasy.providers</param-name>
    <param-value>org.jboss.resteasy.plugins.interceptors.CorsFilter</param-value>
</context-param>

我看到当我评论这个上下文参数时，我没有得到上述异常，响应状态是 200，而不是 403。

在 angular 模块配置中我添加了：

$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];

我知道有创建 node.js 代理的选项，但我想以艰难的方式解决这个问题。 你能帮我克服生活中的这个大障碍吗？

谢谢:)

后期编辑： 我设法通过注释要素类 (CorsFeature) si @Component 来实现这一点。这样应用程序上下文就会知道它。

Answer 1

Wildfly 解决方案

1. 编辑standalone.xml:

配置

<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
    <http-listener name="default" socket-binding="http" redirect-socket="https"/>
    <host name="default-host" alias="localhost">
        <location name="/" handler="welcome-content"/>
        <filter-ref name="server-header"/>
        <filter-ref name="x-powered-by-header"/>
        <filter-ref name="Access-Control-Allow-Origin"/>
        <filter-ref name="Access-Control-Allow-Methods"/>
        <filter-ref name="Access-Control-Allow-Headers"/>
        <filter-ref name="Access-Control-Allow-Credentials"/>
        <filter-ref name="Access-Control-Max-Age"/>
    </host>
</server>
<servlet-container name="default">
    <jsp-config/>
    <websockets/>
</servlet-container>
<handlers>
    <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
    <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
    <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
    <response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="*"/>
    <response-header name="Access-Control-Allow-Methods" header-name="Access-Control-Allow-Methods" header-value="GET, POST, OPTIONS, PUT"/>
    <response-header name="Access-Control-Allow-Headers" header-name="Access-Control-Allow-Headers" header-value="accept, authorization,  content-type, x-requested-with"/>
    <response-header name="Access-Control-Allow-Credentials" header-name="Access-Control-Allow-Credentials" header-value="true"/>
    <response-header name="Access-Control-Max-Age" header-name="Access-Control-Max-Age" header-value="1"/>
</filters>
</subsystem>

1. 重启 Wildfly