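Solution

Add a `system` field to the mini program's request headers.

```java
// Read the custom header sent by the mini program
String system = request.getHeader("system");
```

On the backend, check whether it is the mini program's `system` value, and if so, let the request through:

```java
// Echo the request's Origin back as the allowed origin
String origin = request.getHeader("origin");
response.setHeader("Access-Control-Allow-Origin", origin);
```
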
WeChat mini program cross-origin request: Invalid CORS request (403)

I. Symptoms

1. The WeChat mini program uses `wx.request` to send an HTTP POST request, and the backend returns Invalid CORS request (403).

(1) The POST request:

```javascript
wx.request({
  url: url,
  data: billingData,
  method: 'POST',
  success: successHandler,
  fail: failureHandler
})
```

(2) The browser shows the backend returning Invalid CORS request (403):

```json
{
  "data": "Invalid CORS request",
  "header": {
    "Vary": "Origin,Access-Control-Request-Method,Access-Control-Request-Headers",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
    "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
    "Pragma": "no-cache",
    "Expires": "0",
    "X-Frame-Options": "DENY",
    "Content-Length": "20",
    "Date": "Wed, 06 Feb 2019 13:15:25 GMT"
  },
  "statusCode": 403,
  "cookies": [],
  "errMsg": "request:ok"
}
```

2. When the WeChat mini program uses `wx.request` to send an HTTP GET request, the backend returns data normally.

II. Questions

1. My backend uses the Java Spring framework. When handling cross-origin requests, which allowed origin should I fill in? As I understand it, with `wx.request` it is the WeChat mini program's backend that sends the request to our own backend. So how can I find out the origin of the WeChat mini program's backend, in order to set the allowed origin on our own backend?

```java
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    // Development environment - Spring security CORS support
    CorsConfiguration configuration = new CorsConfiguration();

    configuration.setAllowedOrigins(Arrays.asList(CORS_ALLOWED_ORIGIN_HOST_1, CORS_ALLOWED_ORIGIN_HOST_2));
    ...
    return source;
}
```

2. Why does this problem not occur with GET requests, while POST leads to the cross-origin problem?

Thank you all for your answers!
2019-08-26
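
The fix at the top of this page copies the request's `Origin` into `Access-Control-Allow-Origin` once a `system` header is present; since any client can set that header, the added example below (not code from the original posts) resolves the value from a fixed allowlist instead. `OriginAllowlist`, `allowedOrigin` and the `example.com` origins are hypothetical names, and it assumes Java 11+ with HTTPS-only front ends.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class OriginAllowlist {
    // Constructed placeholder origins; list the front ends you actually serve.
    static final Set<String> ALLOWED =
            Set.of("https://app.example.com", "https://admin.example.com:8443");

    /** Value to send in Access-Control-Allow-Origin, or empty to send no CORS headers. */
    static Optional<String> allowedOrigin(String originHeader) {
        if (originHeader == null || originHeader.isBlank()) return Optional.empty();
        URI u;
        try {
            u = new URI(originHeader.trim());
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        // An origin is scheme://host[:port] only; "null" parses with no scheme or host.
        String path = u.getRawPath();
        if (u.getScheme() == null || u.getHost() == null || u.getUserInfo() != null
                || u.getRawQuery() != null || u.getRawFragment() != null
                || (path != null && !path.isEmpty())) {
            return Optional.empty();
        }
        String scheme = u.getScheme().toLowerCase(Locale.ROOT);
        if (!scheme.equals("https")) return Optional.empty();
        // Canonicalise before comparing: lower-case host, drop the default port.
        String host = u.getHost().toLowerCase(Locale.ROOT);
        int port = u.getPort();
        String canonical = scheme + "://" + host + (port == -1 || port == 443 ? "" : ":" + port);
        // Exact match against the allowlist, never prefix/suffix/contains matching.
        return ALLOWED.contains(canonical) ? Optional.of(canonical) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample Origin header values.
        String[] samples = {
            "https://app.example.com", "https://APP.example.com:443",
            "https://admin.example.com:8443", "http://app.example.com",
            "https://app.example.com.other.test", "null"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + allowedOrigin(s).orElse("(no CORS headers)"));
        }
    }
}
```

In a servlet filter, set `Access-Control-Allow-Origin` to the returned value together with `Vary: Origin`, and send no CORS headers when the result is empty.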