preface
There was a wallet project, which originally used micro services, but later felt that it was unnecessary and reconstructed into a simple Springboot project. However, after the token verification reconstruction, something went wrong. The previous filter was written by SpringGateway, which was implemented based on GatewayFilter. After refactoring based on the filter, when the request entered the filter, it was found that the request’s custom header could not be retrieved.
String token = request.getHeader("token"); // null
String id = request.getHeader("id"); // null
String role = request.getHeader("role"); // null
Copy the code
why
I looked at the servletRequest when I entered the breakpoint and found that the request method was Options. I know get, post, delete, put. Options. Refer mainly to this article. It turned out to be the same origin policy of the browser, which is CALLED CORS, but THEN I thought, I have CORS configured
@Configuration
public class CorsConfig {
private CorsConfiguration buildConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*"); // 1
corsConfiguration.addAllowedHeader("*"); // 2
corsConfiguration.addAllowedMethod("*"); / / 3return corsConfiguration;
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/ * *", buildConfig()); / / 4return new CorsFilter(source); }}Copy the code
@RestControllerAdvice and @ExceptionHandle could not handle the exception thrown by the filter. As a result, the program reported 500 errors. And then the filter is similar to the section, there is a break so that the return header is not added.
To deal with
How to handle the pre-processing options request sent by the browser
HttpServletRequest request= (HttpServletRequest)servletRequest;
HttpServletResponse res = (HttpServletResponse) servletResponse;
String method=request.getMethod();
if(HttpMethod.OPTIONS.toString().equals(method)){
res.setStatus(HttpStatus.NO_CONTENT.value());
}else {
String token = request.getHeader("token");
String id = request.getHeader("id");
String role = request.getHeader("role"); ~ ~ ~ ~ ~ ~ ~Copy the code
To recall
I remember I did not handle options request in my last project. Why did I not report cORS problem? By the way, I remember I handled it in nginx
if ($request_method = 'OPTIONS') {
return 204;
}
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, PATCH, DELETE, HEAD" always;
add_header Access-Control-Max-Age 86400 always;
Copy the code
Original oneself and write front end, also write back end, how these problems can also meet it, 😌, the predecessors have written, they have not encountered problems have not gone deep, and SpringCloud inside corsWebFilter how with Springboot inside corsFilter is not the same.
@Configuration
public class CorsConfig {
@Bean
public CorsWebFilter corsFilter() {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedMethod("*");
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
source.registerCorsConfiguration("/ * *", config);
return new CorsWebFilter(source); }}Copy the code
Still have to read the source code ah, I crudboy