jdk1.7+Spring 4.3跨域问题解决

遗留项目 jdk1.7.0_79 + spring mvc (4.3.2)

接口为了支持跨域访问 Nginx作了以下的配置

location /cgi/myCollections {
        add_header Access-Control-Allow-Credentials true;
        add_header Access-Control-Allow-Origin $http_origin;
        proxy_pass http://localhost:8081/cgi/myCollections;
    }

可是跨域访问的时候 Status Code: 403 Forbidden

1.  Request URL: http://aaa.foo.com/cgi/myCollections?type=STK&page=1&size=1000
    
2.  Request Method: OPTIONS
    
3.  Status Code: 403 Forbidden

同时Console中错误信息以下

Access to XMLHttpRequest at 'http://aaa.foo.com/cgi/myCollections?type=STK&page=1&size=1000' from origin 'http://bbb.foo.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

为何Nginx明明已经配置了Access-Control-Allow-Origin 怎么还会报这样的错呢

因而尝试在代码中显式添加@CrossOrigin 看看是否有一样的问题
可是编译就报错了

annotation org.springframework.web.bind.annotation.CrossOrigin is missing value for the attribute <clinit>

缘由：jdk的bug 得升级jdk

It says that this was a known and resolved issue in java 1.8 and has been back-ported to java 7. So, Update to the latest java 7 version (7u80) or Java 8 version.
https://stackoverflow.com/que...

因而升级了到jdk1.7.0_80 果真能正常编译了 因而取消了Nginx配置 跨域请求正常

引伸问题

• 为何代码中配置就能够 可是Nginx配置就不行呢

缘由： 代码中作了限制 详见org.springframework.web.cors.DefaultCorsProcessor#processRequest

boolean preFlightRequest = CorsUtils.isPreFlightRequest(request);
if (config == null) {
    if (preFlightRequest) {
        rejectRequest(serverResponse);
        return false;
    }
    else {
        return true;
    }
}

这种状况下Nginx须要以下配置

location /cgi/myCollections {
    add_header Access-Control-Allow-Credentials true;
    add_header Access-Control-Allow-Origin $http_origin;
    add_header Access-Control-Allow-Headers UID;
    proxy_set_header Host 'bbb.foo.com';
    proxy_pass http://localhost:8081/cgi/myCollections;
}

参考文档

https://spring.io/blog/2015/0...