您的位置: 首页  >  技术问答  >  如何在 WSO2IS 5.10.0 中允许 CORS 访问

如何在 WSO2IS 5.10.0 中允许 CORS 访问

分类: 技术问答 2022-07-25 16:20:55
问题描述:

我需要从不同的域访问我的身份服务器,我使用 WSO2IS 提供的 REST 端点进行登录、注册、用户信息等.

I need to access my identity server from a different domain, I am using REST endpoints provided by the WSO2IS for login, signup, user info, etc.

我尝试了以下配置但没有成功:

I have tried the following configuration without any success:

  1. https://docs.wso2.com/display/IS530/Invoking+an+Endpoint+from+a+Different+Domain
  2. http://hasanthipurnima.blogspot.com/2016/05/applying-cors-filter-to-wso2-identity.html
  3. CORS 在 wso2 身份服务器中被阻止

将以下配置添加到 /repository/resources/conf/templates/repository/conf/tomcat/web.xml.WSO2 Identity Server 分发包中的 j2.

请注意,以下示例取自 https://github.com/wso2/identity-apps#run-in-dev-mode.这也适用于您.

Note that below is a sample taken from https://github.com/wso2/identity-apps#run-in-dev-mode. This should work for you as well.

    <filter>
        <filter-name>CORS</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
        <init-param>
            <param-name>cors.allowOrigin</param-name>
            <param-value>https://localhost:9000, https://localhost:9001</param-value>
        </init-param>
        <init-param>
            <param-name>cors.supportedMethods</param-name>
            <param-value>GET, HEAD, POST, DELETE, OPTIONS, PATCH, PUT</param-value>
        </init-param>
        <init-param>
                   <param-name>cors.exposedHeaders</param-name>
                   <param-value>Location</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>

在上面cors.allowOriginparam-value中添加你想要允许CORS的主机(你可以添加多个逗号分隔或空格分隔的值).如果主机有一个端口,也应该包括在内.理想情况下,它应该采用 ://: 格式.

In the above for param-value of <param-name>cors.allowOrigin</param-name> Add the hosts you want to allow CORS(You can add multiple Comma-separated or Whitespace-separated values). If the host has a port, that should be included as well. Ideally it should be in the format <protocol>://<host>:<port>.

同样在上述 cors.supportedMethodsparam-value 中.添加您需要的 HTTP 方法(您将始终需要 OPTIONS 方法,因为这是用于 CORS 检查的方法).

Also in the above for param-value of <param-name>cors.supportedMethods</param-name>. Add the HTTP methods you will need (You will always need the OPTIONS method as that is the one used for the CORS check).

您可以使用 配置来配置 URL 以允许 CORS.<url-pattern>/*</url-pattern> 表示身份服务器的所有 URL 都允许使用 CORS.

You can configure the URLs to allow CORS using the <url-pattern> config. <url-pattern>/*</url-pattern> means CORS is allowed for all URLs of the Identity Server.

有关 CORS 过滤器配置的更多信息,请参阅:http://software.dzhuvinov.com/cors-filter-configuration.html

For more info on the CORS filter configurations refer: http://software.dzhuvinov.com/cors-filter-configuration.html

相关推荐