Technology sharing

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

1. Introductio

Ad sequentem articulum de causa referendum placet: Via recta solvendi problemata crucis domain separando sa-tagia ante finem et retro-finem.

https://mp.weixin.qq.com/s/96WbWL28T5_-xzyCfJ7Stg
https://blog.csdn.net/qq_34905631/article/details/140233780?spm=1001.2014.3001.5501
1
2

Etsi hic articulus rectam positionem post multos conatus invenit, radix causa quaestionis non inventa est. Deinde postquam aliqua cogitatio et exploratio, miratus sum si hoc crucis domicilium localiter simulari posset, et tunc Lao quaerere coepi Wang, ante-finis baculus exerti, immo loci crucis-dominium simulatus. exponens SimpleCORSFilter in art.

2. Problem recursu

Configuratio cruris-dominalis veris 5.2.15. RELEASE officialis mvc talis est:

https://docs.spring.io/spring-framework/docs/5.2.15.RELEASE/spring-framework-reference/web.html#mvc-cors-intro
1

Sequere modum officialem supra coniunctum, et CustomCorsFilter classi adde hoc modo:

package xxxx.config;

import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;


@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CustomCorsFilter extends CorsFilter {

    public CustomCorsFilter() {
        super(corsConfigurationSource());
    }

    private static CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.addAllowedOrigin("*"); // 允许访问的域名，例如 http://localhost:8080
        configuration.addAllowedHeader("*"); // 允许所有请求头
        configuration.addAllowedMethod("*"); // 允许所有请求方法
        configuration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

Configuratio CustomCorsFilter comprobata est ut valida sit in consilio quod elaboravi. Tamen, in recenti consilio, supervacaneum est hac CustomCorsFilterorum classium conformatione uti ad solvendas difficultates crucis-domininas. In superiori articulo de recto modo solvendi crucis-dominarum problemata separando ante-finem et finem, CustomCorsFilter classium verificationis invalidum erat , (SimpleCORSFilter notanda est, quia SimpleCORSFilter hoc adhiberi potest post verificationem). Post propositum localiter currens, finis anterior petitiones crucis simulat.

   @Override
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain) throws ServletException, IOException {

		CorsConfiguration corsConfiguration = this.configSource.getCorsConfiguration(request);
		boolean isValid = this.processor.processRequest(corsConfiguration, request, response);
        //关键就是这里，在这里打上断点
		if (!isValid || CorsUtils.isPreFlightRequest(request)) {
			return;
		}
		filterChain.doFilter(request, response);
	}
1
2
3
4
5
6
7
8
9
10
11
12

Etiam punctum in CorsUtils.isPreFlightRequest modum posuit:

	public static boolean isPreFlightRequest(HttpServletRequest request) {
		return (HttpMethod.OPTIONS.matches(request.getMethod()) &&
				request.getHeader(HttpHeaders.ORIGIN) != null &&
				request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) != null);
	}
1
2
3
4
5

Tum breakpoint screenshot haec est:

Interface login incomplexum est postulatio crucis-dominalis cum http plus nominis domain et praeiudicium postulatio (OPTIONS petitio) mittetur.

In projecto sa-catico inserto, punctum punctum in methodo FilterInternalis olimPerRequestFilter posui et sequentes filtras inveni:

Videri potest quod CustomCorsFilter supra nativus prius exsecutus est, et duo filtra ad sa-tacium pertinentia: saPathCheckFilterForServlet et SaServletFilter postea exsecuta sunt, ideo aliae coniecturae superiores bene confirmatae sunt :

       //关键就是这里，在这里打上断点
		if (!isValid || CorsUtils.isPreFlightRequest(request)) {
			return;
		}
1
2
3
4

Ponitur quaestio in sequenti codice:

CorsUtils.isPreFlightRequest(request)
1

Haec linea codicis vera reddidit, unde rediit. Omnes columellae sequentes non sunt exsecuti, ergo petitio interface non potuit. , compertum est quod post implicatam petitionem prae-deprehensionem postulationem (OPTIONS request) trans ditiones suas misit, Origin inexplicabili modo poneretur:

http://localhost:3000
1

Hoc valde mirum, sic rogavi collegam meum ante-finem Lao Wang ad reprimendam ubi hic valor positus est, et sequentia inveni:

Finis anterior non ponit Origenem, sed tantum ambitum sequentes ponit;

//设置axios跨域访问
axios.defaults.withcredentials = true // 设置cross跨域 并设置访问权限 允许跨域携带cookie信息axios.defaults.crossDomain=true //设置axios跨域的配置
1
2

In pictura supra, unum tantum valorem Referer qui cum Origine coincidit.

https://blog.csdn.net/qq_55316925/article/details/128571809
1

Multum idearum mihi dedit, sic de eo cogitabam, et evenit ut CustomCorsFilter figuratus in dorso efficax esset Ante-finem Lao Wang , ambae methodi factibiles sunt, et alterutro modo problema-dominium cori solvere potest.

3.Solution

3.1 Ratio I: Modify CorsFilter source code in backend

Modificare CorsFilter source code in backend

Adde novam org.springframework.web.filter sarcina sub src.main.java sub project

Deinde effingo fontem codicem CorsFilter et pone illud sub org.springframework.web.filter involucrum nuper creatum supra, et tunc potes mutare fontem codicis CorsFilter.

/*
 * Copyright 2002-2019 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.web.filter;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.util.Assert;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.CorsProcessor;
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.cors.DefaultCorsProcessor;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

/**
 * {@link javax.servlet.Filter} that handles CORS preflight requests and intercepts
 * CORS simple and actual requests thanks to a {@link CorsProcessor} implementation
 * ({@link DefaultCorsProcessor} by default) in order to add the relevant CORS
 * response headers (like {@code Access-Control-Allow-Origin}) using the provided
 * {@link CorsConfigurationSource} (for example an {@link UrlBasedCorsConfigurationSource}
 * instance.
 *
 * <p>This is an alternative to Spring MVC Java config and XML namespace CORS configuration,
 * useful for applications depending only on spring-web (not on spring-webmvc) or for
 * security constraints requiring CORS checks to be performed at {@link javax.servlet.Filter}
 * level.
 *
 * <p>This filter could be used in conjunction with {@link DelegatingFilterProxy} in order
 * to help with its initialization.
 *
 * @author Sebastien Deleuze
 * @since 4.2
 * @see <a href="https://www.w3.org/TR/cors/">CORS W3C recommendation</a>
 */
public class CorsFilter extends OncePerRequestFilter {

	private final CorsConfigurationSource configSource;

	private CorsProcessor processor = new DefaultCorsProcessor();


	/**
	 * Constructor accepting a {@link CorsConfigurationSource} used by the filter
	 * to find the {@link CorsConfiguration} to use for each incoming request.
	 * @see UrlBasedCorsConfigurationSource
	 */
	public CorsFilter(CorsConfigurationSource configSource) {
		Assert.notNull(configSource, "CorsConfigurationSource must not be null");
		this.configSource = configSource;
	}


	/**
	 * Configure a custom {@link CorsProcessor} to use to apply the matched
	 * {@link CorsConfiguration} for a request.
	 * <p>By default {@link DefaultCorsProcessor} is used.
	 */
	public void setCorsProcessor(CorsProcessor processor) {
		Assert.notNull(processor, "CorsProcessor must not be null");
		this.processor = processor;
	}


	@Override
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain) throws ServletException, IOException {

		CorsConfiguration corsConfiguration = this.configSource.getCorsConfiguration(request);
		boolean isValid = this.processor.processRequest(corsConfiguration, request, response);
		//修改的源码是将CorsUtils.isPreFlightRequest(request)这行代码移除，就是因为复杂请求跨域发了预检测请求，浏览器的referrer-policy引用者策略会携带一个值，后端处理之后会将这个值赋值给请求头的Orgin属性上，移除这行代码之后就可以正常访问到登录接口了，前端也没有报跨域了。
        if (!isValid) {
			return;
		}
		filterChain.doFilter(request, response);
	}

}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

II 3.2 Ratio: inactivare vel removere consilium in fronte finem pasco, auctor

Adde sequenti codice usque ad frontem finis: disable vel removere auctor-policy` Tour policy

https://blog.csdn.net/qq_49810363/article/details/111036180
1

In Novo codice talis est:

<meta name="referrer" content="never">
1

Relatoris consilium navigatoris etiam ad rationes securitatis pertinet.

4. Libri

Post assiduas conatus et palpationes, quaestio cori instruere crucis-domain incidit post integrationem sa- monis in incepto. Generaliter loquendo, specificationes cori-dominalis protocolli hanc operationem non admittunt -end bibliotheca solutio non patitur operationes postulationis quae protocollum crucis-dominium specificationes non sequuntur, ita uti potes sa- tulo ad separandum solutiones anteriores et finis ante-finis ad rectam positionum solutionum crucis-domain . Configurare SimpleCORSFilter, scribe ambitum specificum, et processum Praedeprehensio petitio redit in CC status codicem, vel duobus modis in hoc articulo uti potes ad solutionem cori-dominalis problematis solvere Solutio, si credis modum in hoc articulo sequi posse, crucis-dominium postulationem localiter exprime, et punctum confractum debug videre, an quaestio sit cum eo. the CorsUtils.isPreFlightRequest(petitionem) linea corsFilter. In genere, haec cors Problema crux-domain est magna quaestio navigatoris. . Cum referentis-consilii auctoris consiliarius valorem feret, post finem processus, hic valor attributus erit Origini attributi petitionis capitis, causans lineam codicis CorsUtils.isPreFlightRequest (petitionem) corsFilter ut verum redderet. et tunc regredi. Filtra sequentium seriei Filtrae non est exsecuta, et accessus ad extremum interfacium non est, et pagina navigatoris anterioris adhuc problemata transversalis nuntiat Haec quaestio molesta est. In https methodum crucis-domain non operatur, quia https auscultat ad portum 443 et libellum requirit. Suspicor hoc postulat libellum figurans Idem in Interrete. Nihil articulorum in hoc articulo solutionem huius rei habent originale.