When allowCredentials is true, allowedOrigins cannot contain the special value “*“ since that canno

问题:

后端配置跨域控制台抛出如下异常:

Resolved [java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.]

原因:

当allowCredentials为true时,allowedOrigins不能包含特殊值“*”,因为它不能在“Access-Control-Allow-Origin”响应头中设置。

解决办法:

将配置中allowedOrigins替换为allowedOriginPatterns

配置:

@Configuration
public class CorsConfig implements WebMvcConfigurer {
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOriginPatterns("*")
                .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
                .allowCredentials(true)
                .maxAge(3600)
                .allowedHeaders("*");
    }
}

你可能感兴趣的:(java,servlet,服务器,spring,boot)