At present, the project structure is VUE as the front-end, and the back-end uses the micro service architecture. When developing, the front-end needs to cross domain request data, and the simple cross domain request needs are solved through ZuulFilter configuration. However, when the token information needs to be added to the header of the request, the request fails, and the browser and the background both display OPTIONS type request related prompts.
Failed to load http://192.168.1.149:8000/server/addressbook/delete: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'http://192.168.1.242:5500, http://192.168.1.242:5500', but only one is allowed. Origin 'http://192.168.1.242:5500' is therefore not allowed access.
In fact, it's clear here that the header contains multiple values and only one value is allowed. Then let's look at the request information
Why is that? In fact, we get the RequestContext when we use ZuulFilter, which brings us access control allow origin and access control allow credentials, so we don't need to add them in the program
import com.netflix.zuul.ZuulFilter; import com.netflix.zuul.context.RequestContext; import com.zuul.mgzuul.util.JwtHelperUtil; import com.zuul.mgzuul.util.RedisUtil; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants; import org.springframework.stereotype.Component; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * @Author Tang Yin * @Description //TODO * @Date 2018-01-03 14:20 * @ClassName MyFilter * @ClassNotes **/ @Slf4j @Component public class MyFilter extends ZuulFilter { @Resource private RedisUtil redisUtil; @Autowired private JwtHelperUtil jwtHelperUtil; @Override public String filterType() { /* pre: Can be called before the request is routed. route: Called when routing a request post: Called after route and error filters error: Called when an error occurs while processing a request * */ // Prefilter return FilterConstants.PRE_TYPE; } @Override public int filterOrder() { //// Priority is 0, the larger the number, the lower the priority return 0; } @Override public boolean shouldFilter() { // RequestContext ctx = RequestContext.getCurrentContext(); // HttpServletRequest request = ctx.getRequest(); // //Filter all kinds of POST request // if(request.getMethod().equals(RequestMethod.OPTIONS.name())){ // return true; // } return true; } @Override public Object run() { System.out.println("*****************PostFilter run start*****************"); RequestContext ctx = RequestContext.getCurrentContext(); HttpServletResponse response = ctx.getResponse(); HttpServletRequest request = ctx.getRequest(); //response.setHeader("Access-Control-Allow-Origin",request.getHeader("Origin")); //Note out here //response.setHeader("Access-Control-Allow-Credentials","true"); //Note out here response.setHeader("Access-Control-Expose-Headers","X-forwared-port, X-forwarded-host,Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,Authorization,Token,accessToken"); response.setHeader("Vary","Origin,Access-Control-Request-Method,Access-Control-Request-Headers"); String accessToken = request.getHeader("accessToken"); //Cross domain request for release if ("OPTIONS".equalsIgnoreCase(request.getMethod())) { ctx.setSendZuulResponse(true); ctx.setResponseStatusCode(200); System.out.println("*****************PostFilter run end*****************"); return null; } String url = request.getRequestURI(); if(url.indexOf("/login")!=-1){ ctx.setSendZuulResponse(true); ctx.setResponseStatusCode(200); System.out.println("*****************PostFilter run end*****************"); return null; } //Verification token //String accessToken = request.getHeader("accessToken"); /*String accessToken = request.getParameter("accessToken"); if(StringUtils.isBlank(accessToken)){ log.debug("accessToken Non-existent! ""; ctx.setSendZuulResponse(false); ctx.setResponseStatusCode(401);// Return error code ctx.setResponseBody("{\"result\":\"token \ "}") does not exist; / / error content returned ctx.set("isSuccess", false); return null; } Object token_ob = redisUtil.get(accessToken); if(token_ob == null){ log.debug("accessToken Expired '); ctx.setSendZuulResponse(false); ctx.setResponseStatusCode(401);// Return error code ctx.setResponseBody("{\"result\":\"token Expired \ "}"); / / error returned ctx.set("isSuccess", false); return null; }else { Claims claims = jwtHelperUtil.parseJWT(accessToken); if(claims == null){ log.debug("accessToken Error ""; ctx.setSendZuulResponse(false); ctx.setResponseStatusCode(401);// Return error code ctx.setResponseBody("{\"result\":\"token Error \ "}"); / / error content returned ctx.set("isSuccess", false); return null; } } //Update login expiration time after passing redisUtil.set(accessToken,accessToken, 259200);*/ //Allow routing to continue ctx.setSendZuulResponse(true); ctx.setResponseStatusCode(200); System.out.println("*****************PostFilter run end*****************"); return null; } }
After commenting out, ok has successfully solved the problem (note that after zuul has made cross domain settings, it is not necessary to do it again in each service, otherwise this problem will occur)
QQ group: 216868740