Play Framework 2.3 – CORS标题
更新新的Play 2.5提供了一个新的CORSfilter
随着新的2.3 Java版本完成将Response类迁移到Promise类,以下代码不再有效。
public class CorsAction extends Action.Simple { public Result call(Context context) throws Throwable{ Response response = context.response(); response.setHeader("Access-Control-Allow-Origin", "*"); //Handle preflight requests if(context.request().method().equals("OPTIONS")) { response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content- Type, Accept, Authorization, X-Auth-Token"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Origin", "*"); return ok() } response.setHeader("Access-Control-Allow-Headers","X-Requested-With, Content-Type, X- Auth-Token"); return delegate.call(context); } } 我正在开发Play(Java)2.3中的应用程序,我已经查看并尝试了不同的方法来启用CORS – 包括向路由文件添加/ OPTIONS方法 – 但没有成功。
我非常感谢新的Response实现如何处理这种类型的拦截,因为在新的Promise类中实现时,它似乎没有对头文件产生任何影响。
在此先感谢您的帮助!!
解决了这个问题:
来自服务器的所有API响应都应包含标题:“Access-Control-Allow-Origin”,“*”。 我们需要为所有动作响应编写一个包装器。
在Global.java中
import java.net.URL; import play.*; import play.libs.F.Promise; import play.mvc.Action; import play.mvc.Http; import play.mvc.Result; public class Global extends GlobalSettings { // For CORS private class ActionWrapper extends Action.Simple { public ActionWrapper(Action action) { this.delegate = action; } @Override public Promise call(Http.Context ctx) throws java.lang.Throwable { Promise result = this.delegate.call(ctx); Http.Response response = ctx.response(); response.setHeader("Access-Control-Allow-Origin", "*"); return result; } } @Override public Action onRequest(Http.Request request, java.lang.reflect.Method actionMethod) { return new ActionWrapper(super.onRequest(request, actionMethod)); } }
POST,PUT等服务器请求在主请求之前向服务器发出预检请求。 这些预检请求的响应应包含以下标题:
“Access-Control-Allow-Origin”,“ ”“Allow”,“ ”“Access-Control-Allow-Methods”,“POST,GET,PUT,DELETE,OPTIONS”“Access-Control-Allow-Headers”,“ Origin,X-Requested-With,Content-Type,Accept,Referer,User-Agent“
在路线中添加:
OPTIONS /*all controllers.Application.preflight(all)
在Application Coltroller中:
package controllers; import play.mvc.*; public class Application extends Controller { public static Result preflight(String all) { response().setHeader("Access-Control-Allow-Origin", "*"); response().setHeader("Allow", "*"); response().setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE, OPTIONS"); response().setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Referer, User-Agent"); return ok(); } }
PS:通过这种方法,我不必为此创建一个scalafilter。
看起来你可能已经解决了你的问题,但为了清楚起见……
你非常接近…我相信你不需要实例化你自己的Response对象,你可以通过一个方法调用传入的对象:
public Result call() throws Throwable { response().setHeader("Access-Control-Allow-Origin", "*"); //Handle preflight requests if(request().method().equals("OPTIONS")) { response().setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE"); response().setHeader("Access-Control-Max-Age", "3600"); response().setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content- Type, Accept, Authorization, X-Auth-Token"); response().setHeader("Access-Control-Allow-Credentials", "true"); response().setHeader("Access-Control-Allow-Origin", "*"); return ok(); } else { return badRequest(); } }
希望有所帮助。
来自enable-cors-in-java-play-framework-2-2-x的交叉post。
@alexhanschke提出的解决方案在请求抛出exception(内部服务器错误)时不起作用,因为在发生这种情况时不应用filter(请参阅https://github.com/playframework/playframework/issues/2429 )。 要解决这个问题,你必须包装一个scala类并返回结果,如下所示。 请注意,这仍然需要指定的选项路由和控制器来处理选项请求。
在这里查看整个内容https://gist.github.com/tinusn/38c4c110f7cd1e1ec63f 。
import static play.core.j.JavaResults.BadRequest; import static play.core.j.JavaResults.InternalServerError; import static play.core.j.JavaResults.NotFound; import java.util.ArrayList; import java.util.List; import play.GlobalSettings; import play.api.mvc.Results.Status; import play.libs.F.Promise; import play.libs.Scala; import play.mvc.Action; import play.mvc.Http; import play.mvc.Result; import scala.Tuple2; import scala.collection.Seq; public class Global extends GlobalSettings { private class ActionWrapper extends Action.Simple { public ActionWrapper(Action action) { this.delegate = action; } @Override public Promise call(Http.Context ctx) throws java.lang.Throwable { Promise result = this.delegate.call(ctx); Http.Response response = ctx.response(); response.setHeader("Access-Control-Allow-Origin", "*"); return result; } } /* * Adds the required CORS header "Access-Control-Allow-Origin" to successfull requests */ @Override public Action onRequest(Http.Request request, java.lang.reflect.Method actionMethod) { return new ActionWrapper(super.onRequest(request, actionMethod)); } private static class CORSResult implements Result { final private play.api.mvc.Result wrappedResult; public CORSResult(Status status) { List> list = new ArrayList>(); Tuple2 t = new Tuple2("Access-Control-Allow-Origin","*"); list.add(t); Seq> seq = Scala.toSeq(list); wrappedResult = status.withHeaders(seq); } public play.api.mvc.Result toScala() { return this.wrappedResult; } } /* * Adds the required CORS header "Access-Control-Allow-Origin" to bad requests */ @Override public Promise onBadRequest(Http.RequestHeader request, String error) { return Promise. pure(new CORSResult(BadRequest())); } /* * Adds the required CORS header "Access-Control-Allow-Origin" to requests that causes an exception */ @Override public Promise onError(Http.RequestHeader request, Throwable t) { return Promise. pure(new CORSResult(InternalServerError())); } /* * Adds the required CORS header "Access-Control-Allow-Origin" when a route was not found */ @Override public Promise onHandlerNotFound(Http.RequestHeader request) { return Promise. pure(new CORSResult(NotFound())); } }
这对我有用。 但是,您可能需要调整一些参数(application.conf)
第1步创建filter类(UrlFilter)
package filters; import play.mvc.EssentialFilter; import play.filters.cors.CORSFilter; import play.http.DefaultHttpFilters; import javax.inject.Inject; public class UrlFilter extends DefaultHttpFilters { @Inject public UrlFilter(CORSFilter corsFilter) { super(corsFilter); } }
步骤2在build.sbt中导入filter包
libraryDependencies += filters
步骤3在application.conf中注册UrlFilter类
play.http.filters = "filters.UrlFilter"
注意:请记住指向其确切位置。 我在app / filters / UrlFilter.java中
步骤4添加允许“访问控制允许原点”的实际配置等等。 到application.conf
play.filters.cors { # The path prefixes to filter. pathPrefixes = ["/"] # The allowed origins. If null, all origins are allowed. allowedOrigins = null # The allowed HTTP methods. If null, all methods are allowed allowedHttpMethods = null # The allowed HTTP headers. If null, all headers are allowed. allowedHttpHeaders = null # The exposed headers exposedHeaders = [] # Whether to support credentials supportsCredentials = true # The maximum amount of time the CORS meta data should be cached by the client preflightMaxAge = 1 hour }
信用 https://www.playframework.com/documentation/2.5.x/CorsFilter
https://www.playframework.com/documentation/2.5.x/resources/confs/filters-helpers/reference.conf
对于我在chrome,firefox和explorer中工作的配置:
Play Framework CORS Headers