chorme 의 OPTION Method호출

카테고리 없음

chorme 의 OPTION Method호출

yimoc 2019. 6. 27. 15:27

Chorme 브라우져에서 POST를 요청할때 OPTION으로 바뀌어서 서버로 호출하는 경우가 발생한다.

nexacro studio에서 개발툴의 webserver로 구동하고 STS에서 tomcat구동시 발생한다.

console 이경우 아래 처럼 오류가 나온다.

SystemBase_HTML5.js:8133 OPTIONS http://localhost:8080/nexup/simpleresponse.do 500 (Internal Server Error)
nexacro.__startCommunication @ SystemBase_HTML5.js:8133
nexacro._startCommunication @ SystemBase.js:6128
nexacro._loadData @ SystemBase.js:6035
__pLoadManager.loadDataModule @ Platform.js:1157
_pForm.transaction @ FormBase.js:3814
Button00_onclick @ tt.xfdl.js:49
_pEventListener._fireEvent @ SystemBase.js:2632
_pComponent.on_fire_onclick @ CompEventBase.js:3832
_pComponent._on_click @ CompEventBase.js:526
__pWindow._on_default_sys_lbuttonup @ Platform.js:3462
nexacro._syshandler_lock_onmouseup @ Platform_HTML5.js:1481
_cur_win._syshandler_lock_onmouseup_forward @ Platform_HTML5.js:491
quickview.html?screenid=Desktop_screen&formname=Base::tt.xfdl:1 Access to XMLHttpRequest at 'http://localhost:8080/nexup/simpleresponse.do' from origin 'http://127.0.0.1:4098' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

아래처럼 Invalid CORS request가 발생된다.

OPTIONS http://localhost:8080/nexup/simpleresponse.do HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://127.0.0.1:4098
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Access-Control-Request-Headers: cache-control,content-type,x-requested-with
Accept: */*
Referer: http://127.0.0.1:4098/quickview.html?screenid=Desktop_screen&formname=Base::tt.xfdl
Accept-Encoding: gzip, deflate, br
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Content-Length: 20
Date: Thu, 27 Jun 2019 06:24:08 GMT

Invalid CORS request

해결하기위해서는 CORS 위해 세팅해야한다.

<mvc:cors>

<mvc:mapping path="/**/>

</mvc:cors>

위의 PreFlightHandler 처리를 위해서 HttpHttpRequestHandlerAdapter가 필요하다.

해당 Controller에서 @CrossOrigin 설정

하지 않는경우 Status Code:403 Forbidden 으로 응답처리 된다.

설정하면

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: http://127.0.0.1:4098
Vary: Origin
Access-Control-Allow-Methods: GET,HEAD,POST
Access-Control-Allow-Headers: cache-control, content-type, x-requested-with
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1800
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Content-Length: 0
Date: Thu, 27 Jun 2019 06:19:08 GMT

POST http://localhost:8080/nexup/simpleresponse.do HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Content-Length: 0
Accept: application/xml, text/xml, */*
cache-control: no-cache
Origin: http://127.0.0.1:4098
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Content-Type: text/xml
Referer: http://127.0.0.1:4098/quickview.html?screenid=Desktop_screen&formname=Base::tt.xfdl
Accept-Encoding: gzip, deflate, br
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: http://127.0.0.1:4098
Vary: Origin
Access-Control-Allow-Credentials: true
Content-Type: text/html;charset=UTF-8
Content-Language: ko-KR
Transfer-Encoding: chunked
Date: Thu, 27 Jun 2019 06:19:08 GMT

df
SSV:UTF-8ErrorCode:int=0Dataset:ds1_RowType_col2:string(32)col1:string(32)N

0

다시 문제점 발생 재요청시 다시 요청하지 않는다??