NutzCN Logo
问答 跨域请求服务器controller.jsp时,出现option405错误
发布于 498天前 作者 书生 373 次浏览 复制 上一个帖子 下一个帖子
标签: 跨域

跨域请求服务器controller.jsp时,出现option405错误,有人解决过吗?

13 回复

405是get/post方法错误?

有截图或日志啥的吗

按CrossOriginFilter的写法,做一个Filter放在web.xml

Request URL:http://starskybbs.ngrok.cc/starskybbs/ueditor/jsp/controller.jsp?action=uploadimage
Request Method:OPTIONS
Status Code:405 
Remote Address:120.210.207.197:80
Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept, Key
Access-Control-Allow-Origin:*
Content-Language:en
Content-Length:1092
Content-Type:text/html;charset=utf-8
Date:Wed, 14 Dec 2016 02:54:38 GMT
X-Powered-By:nutz/1.r.59-SNAPSHOT <nutzam.com>
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:zh-CN,zh;q=0.8
Access-Control-Request-Headers:x-requested-with
Access-Control-Request-Method:POST
Connection:keep-alive
Host:starskybbs.ngrok.cc
Origin:http://172.16.28.4:8080
Referer:http://172.16.28.4:8080/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36

origin, methods,headers,credentials 一个都不能少

public class CorsFilter implements Filter {

	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
			ServletException {
		
		HttpServletResponse tempresponse = (HttpServletResponse) response;
		String origin = (String) request.getRemoteHost()+":"+request.getRemotePort();
		tempresponse.setHeader("Access-Control-Allow-Origin", "*");
		tempresponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
		tempresponse.setHeader("Access-Control-Max-Age", "3600");
		tempresponse.setHeader("Access-Control-Allow-Headers", "x-requested-with,Authorization");
		tempresponse.setHeader("Access-Control-Allow-Credentials","true");
		chain.doFilter(request, response);
	}

	@Override
	public void destroy() {
	}

}

这样写可以吗,断点时,发现会走到这个过滤器来的,但是还是返回405了,也不知道什么情况

浏览器收到的header跟你的代码不符呢, 所以ngrok.cc拦截了部分header吧

然而, nutzcn提供的ngrok服务下正常

demo url : http://any.nutz.cn/out.html

chrome控制台可以看到访问跨域的地址

nutzcn的ngrok服务地址: https://nutz.cn/ngrok/me

HttpServletResponse tempresponse = (HttpServletResponse) response;
		String origin = (String) request.getRemoteHost()+":"+request.getRemotePort();
		tempresponse.setHeader("Access-Control-Allow-Origin", "*");
		tempresponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
		tempresponse.setHeader("Access-Control-Max-Age", "3600");//Origin, X-Requested-With, Content-Type, Accept, Key
		tempresponse.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Key");
//		tempresponse.setHeader("Access-Control-Allow-Headers", "x-requested-with,Authorization");
		tempresponse.setHeader("Access-Control-Allow-Credentials","true");
		chain.doFilter(request, response);

换成跟他前端一样的应该可以了把

问题是你的浏览器并没收到一模一样的header

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept, Key
Access-Control-Allow-Headers:Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,Accept, Origin, XRequestedWith, Content-Type, LastModified,x-requested-with,Authorization
Access-Control-Allow-Methods:POST,GET,OPTIONS
Access-Control-Allow-Origin:*
Access-Control-Allow-Origin:*
Access-Control-Max-Age:3600
Content-Language:en
Content-Length:1092
Content-Type:text/html;charset=utf-8
Date:Wed, 14 Dec 2016 04:00:18 GMT
X-Powered-By:nutz/1.r.59-SNAPSHOT <nutzam.com>

出现多个header了

最终解决方案:

导入两个jar包:cors-filter-1.7.jar和java-property-utils-1.9.jar

配置web.xml文件

<filter>
        <filter-name>CORS</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
        <init-param>
            <param-name>cors.allowOrigin</param-name>
            <param-value>*</param-value>
        </init-param>
        <init-param>
            <param-name>cors.supportedMethods</param-name>
            <param-value>GET, POST, HEAD, PUT, DELETE</param-value>
        </init-param>
        <init-param>
            <param-name>cors.supportedHeaders</param-name>
            <param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified</param-value>
        </init-param>
        <init-param>
            <param-name>cors.exposedHeaders</param-name>
            <param-value>Set-Cookie</param-value>
        </init-param>
        <init-param>
            <param-name>cors.supportsCredentials</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

本来自己也写了类似的filter,可能研究的不够透彻,所以没能成功,引入了其他的jar包就成功了,网上有相应的免费下载jar包,想了解的话可以自己搜索,或者在这里留言

添加回复
请先登陆
回到顶部