springboot开启token校验一直报错No 'Access-Control-Allow-Origin' header is present on the requested resource

1.控制台报错

Access to XMLHttpRequest at 'http://ip:9999/tradeSale/detail?id=6' from origin 'http://ip:8081' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

2.WebConfig

import com.oigcn.association.common.WebInterceptor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.*;

@Configuration
public class WebConfig implements WebMvcConfigurer {
    @Value("${file.linux.path}")
    private String path;
    /**
     * 拦截器
     * @param registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new WebInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns("/login/**")
                .excludePathPatterns("/images/**")
                .excludePathPatterns("/**/page");
    }
    /**
     * 跨域支持
     * @param registry
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowCredentials(true)
                .allowedHeaders("*")
                .allowedOrigins("*")
                .allowedMethods("*")
                .maxAge(3600);
    }

    /**
     * 文件上传
     * @param registry
     */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler(path + "**").addResourceLocations("file:" + path);
    }
}

3.WebInterceptor

import com.auth0.jwt.interfaces.DecodedJWT;
import com.oigcn.association.utils.TokenUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Slf4j
public class WebInterceptor implements HandlerInterceptor {
    /**
     * 拦截token
     * @param request
     * @param response
     * @param handler
     * @return
     * @throws Exception
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws AuthException {
        //加上这段话
        String method = request.getMethod();
        if(method.equalsIgnoreCase("OPTIONS")){
            return true;
        }
        String token = request.getHeader("token");
        if(StringUtils.isBlank(token)){
            log.error("未授权url={}",request.getRequestURI());
            throw new AuthException("未授权");
        }
        DecodedJWT jwt = TokenUtil.verify(token);
        if(jwt != null){
            long uid = jwt.getClaim("uid").asLong();
            if(uid > 0){
                return true;
            }
        }else{
            throw new AuthException("未授权");
        }
        return false;
    }
}
        

4.总结

浏览器在发送请求时会默认先发送一次类型为’OPTIONS’且不带任何参数的请求，请求成功后才会发送真正的POST或者GET请求,而在后台拦截器中通常只处理了POST或者get类型的请求，而没有对OPTIONS类型的请求做处理，因此前端发送的预检请求无法通过后端的拦截器，导致真正的POST（GET）请求无法发送,要么在前端过滤掉OPTIONS,要么在后台直接返回