spring cloud gatewayThe ‘Access-Control-Allow-Origin’ header contains multiple values “*, *”, but only one is allowed.

原创 2019-07-16 20:53 阅读(5253)次

spring cloud gateway网关中加入了跨域支持,但是报了:

The ‘Access-Control-Allow-Origin’ header contains multiple values “*, *”, but only one is allowed.

错误显示设置了两次Access-Control-Allow-Origin:*,但我的代码我确定只设置了一次,怀疑是哪出了问题,找了一上午问题,百度到说是gateway的bug

我的版本:

spring cloud gateway:2.1.2

spring cloud: Greenwich.SR2

解决办法如下:

设置跨域:

  1. import org.springframework.cloud.client.discovery.DiscoveryClient;
  2. import org.springframework.cloud.gateway.discovery.DiscoveryClientRouteDefinitionLocator;
  3. import org.springframework.cloud.gateway.discovery.DiscoveryLocatorProperties;
  4. import org.springframework.cloud.gateway.route.RouteDefinitionLocator;
  5. import org.springframework.context.annotation.Bean;
  6. import org.springframework.context.annotation.Configuration;
  7. import org.springframework.http.HttpHeaders;
  8. import org.springframework.http.HttpMethod;
  9. import org.springframework.http.HttpStatus;
  10. import org.springframework.http.codec.ServerCodecConfigurer;
  11. import org.springframework.http.codec.support.DefaultServerCodecConfigurer;
  12. import org.springframework.http.server.reactive.ServerHttpRequest;
  13. import org.springframework.http.server.reactive.ServerHttpResponse;
  14. import org.springframework.web.cors.reactive.CorsUtils;
  15. import org.springframework.web.server.ServerWebExchange;
  16. import org.springframework.web.server.WebFilter;
  17. import org.springframework.web.server.WebFilterChain;
  18. import reactor.core.publisher.Mono;
  19. @Configuration
  20. public class CorsConfig {
  21. private static final String MAX_AGE = "18000L";
  22. @Bean
  23. public WebFilter corsFilter() {
  24. return (ServerWebExchange ctx, WebFilterChain chain) -> {
  25. ServerHttpRequest request = ctx.getRequest();
  26. if (CorsUtils.isCorsRequest(request)) {
  27. HttpHeaders requestHeaders = request.getHeaders();
  28. ServerHttpResponse response = ctx.getResponse();
  29. HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod();
  30. HttpHeaders headers = response.getHeaders();
  31. headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin());
  32. headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders
  33. .getAccessControlRequestHeaders());
  34. if(requestMethod != null){
  35. headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name());
  36. }
  37. headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
  38. headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "*");
  39. headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
  40. if (request.getMethod() == HttpMethod.OPTIONS) {
  41. response.setStatusCode(HttpStatus.OK);
  42. return Mono.empty();
  43. }
  44. }
  45. return chain.filter(ctx);
  46. };
  47. }
  48. @Bean
  49. public ServerCodecConfigurer serverCodecConfigurer() {
  50. return new DefaultServerCodecConfigurer();
  51. }
  52. /**
  53. * 如果使用了注册中心(如:Eureka),进行控制则需要增加如下配置
  54. */
  55. @Bean
  56. public RouteDefinitionLocator discoveryClientRouteDefinitionLocator(DiscoveryClient discoveryClient,
  57. DiscoveryLocatorProperties properties) {
  58. return new DiscoveryClientRouteDefinitionLocator(discoveryClient, properties);
  59. }
  60. }
修改响应头,去掉*:

  1. import java.util.ArrayList;
  2. import org.springframework.cloud.gateway.filter.GatewayFilterChain;
  3. import org.springframework.cloud.gateway.filter.GlobalFilter;
  4. import org.springframework.cloud.gateway.filter.NettyWriteResponseFilter;
  5. import org.springframework.core.Ordered;
  6. import org.springframework.http.HttpHeaders;
  7. import org.springframework.stereotype.Component;
  8. import org.springframework.web.server.ServerWebExchange;
  9. import reactor.core.publisher.Mono;
  10. @Component("corsResponseHeaderFilter")
  11. public class CorsResponseHeaderFilter implements GlobalFilter, Ordered {
  12. @Override
  13. public int getOrder() {
  14. // 指定此过滤器位于NettyWriteResponseFilter之后
  15. // 即待处理完响应体后接着处理响应头
  16. return NettyWriteResponseFilter.WRITE_RESPONSE_FILTER_ORDER + 1;
  17. }
  18. @Override
  19. public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
  20. return chain.filter(exchange).then(Mono.defer(() -> {
  21. exchange.getResponse().getHeaders().entrySet().stream()
  22. .filter(kv -> (kv.getValue() != null && kv.getValue().size() > 1))
  23. .filter(kv -> (kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)
  24. || kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)))
  25. .forEach(kv -> {
  26. kv.setValue(new ArrayList<String>() {{
  27. add(kv.getValue().get(0));
  28. }});
  29. });
  30. return chain.filter(exchange);
  31. }));
  32. }
  33. }

参考:https://blog.csdn.net/xht555/article/details/89484091