我正在尝试设置响应的“Access-Control-Allow-Origin: *”标头。但是,标头不存在。我究竟做错了什么?
public class JsonApplication extends Application
{
private static final String SERVER_URL = "http://localhost:8111";
public static void main(String[] args) throws Exception
{
Server testServer = new Server(Protocol.HTTP, 8111);
JsonApplication jsonApplication = new JsonApplication();
CorsService corsService = new CorsService();
corsService.setAllowedOrigins( new HashSet(Arrays.asList("*")));
corsService.setAllowedCredentials(true);
jsonApplication.getServices().add( corsService );
testServer.setNext( jsonApplication );
testServer.start();
}
@Override
public Restlet createInboundRoot()
{
Router router = new Router( getContext() );
router.attach( SERVER_URL + "/", RootResource.class );
return router;
}
}
我检查了 org.restlet.engine.application.CorsResponseHelper 的源代码,它包含以下代码:
public void addCorsResponseHeaders(Request request, Response response) {
String origin = request.getHeaders().getFirstValue("Origin", true);
if (origin == null) {
// Not a CORS request
return;
}
...
}
因此,当前的 CORS 实现似乎不支持从本地 html 文件发出的请求,因为在这种情况下 origin == null。
我向 servlet 应用程序添加了一些日志记录:
JsonApplication::createInboundRoot()
16:26 MyCorsService()
16:26 myCorsService = wwwdbase.rest.cors.MyCorsService@6e1b241d
16:26 MyCorsService::setAllowedOrigins(), [*]
16:26 services: [org.restlet.service.TunnelService@4c88fe62,
org.restlet.service.StatusService@68349a5b,
org.restlet.service.DecoderService@77cfd8d3,
org.restlet.service.EncoderService@40c331fb,
org.restlet.service.RangeService@4bb3bc6f,
org.restlet.service.ConnectorService@7990100,
org.restlet.service.ConnegService@e194860,
org.restlet.service.ConverterService@578cfcb1,
org.restlet.service.MetadataService@18a62eb,
org.restlet.service.TaskService@4ed4f2db,
wwwdbase.rest.cors.MyCorsService@6e1b241d]
我们可以看到MyCorsService可用。然而,servlet 框架永远不会调用它。另一方面,如果我从 IDE 运行该服务(Java SE 版本),则会调用 MyCorsService。为什么这些案例表现不同?
部分解决方案:我设法通过更改 org.restlet.engine.header.HeaderUtils 中的代码来添加允许原始标头
if (response.getAccessControlAllowOrigin() != null)
{
addHeader(HeaderConstants.HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
response.getAccessControlAllowOrigin(), headers);
}
to
if (response.getAccessControlAllowOrigin() != null)
{
addHeader(HeaderConstants.HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
response.getAccessControlAllowOrigin(), headers);
}
else
{
// --- Add in any case!
//
response.setAccessControlAllowOrigin( "*" );
addHeader(HeaderConstants.HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
response.getAccessControlAllowOrigin(), headers);
}
然而,为什么Tomcat中的servlet框架没有调用cors服务这个问题的答案仍然未知......