There is a cross-domain error when JavaScript uses headers > Authorization to store token.

< H1 > this problem occurs when Authorization in the headers request header is set < / H1 > < H2 > request exception < / H2 >
Failed to load http://host:port/auth/user/updatePassword: Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.
< H2 > JavaScript Code < / H2 >
@Configuration
public class CorsConfig {
    @Bean
    public OncePerRequestFilter corsFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
                //
                String allowOrigin = "*";
                //
                String allowMethods = "GET,POST,PUT,DELETE,OPTIONS";
                //
                String allowHeaders = "Content-Type,X-Token";
                //cookie
                String allowCredentials = "true";

                String origin = request.getHeader("Origin");
                //(cookie) * 
                response.setHeader("Access-Control-Allow-Origin", origin == null ? allowOrigin : origin);
                response.setHeader("Access-Control-Allow-Methods", allowMethods);
                response.setHeader("Access-Control-Allow-Credentials", allowCredentials);
                response.setHeader("Access-Control-Allow-Headers", allowHeaders);
                filterChain.doFilter(request, response);
            }
        };
    }
}

is there anything wrong with the above code? Why do you still have cross-domain problems after dealing with the results?

Apr.16,2021

try adding Authorization to allowHeaders


upstairs! After looking for it all afternoon, I was asked to ignore the option request, only this solved the cross-domain problem of adding headers, so I specially registered to thank you!

Menu