CORS是一個W3C標準,全稱是”跨域資源共享”(Cross-origin resource sharing),允許瀏覽器向跨源服務器,發出XMLHttpRequest請求,從而克服了AJAX只能同源使用的限制。
它通過服務器增加一個特殊的Header[Access-Control-Allow-Origin]來告訴客戶端跨域的限制,如果瀏覽器支持CORS、并且判斷Origin通過的話,就會允許XMLHttpRequest發起跨域請求。
?
含義解釋:
filter過濾器的作用?
Controller層在需要跨域的類或者方法上加上該注解即可
實戰:
?備注說明:Spring 版本必須大于等于4.2
servlet filter listener順序?增加一個配置類CrossOriginConfig.java。繼承WebMvcConfigurerAdapter或者實現WebMvcConfigurer接口
實戰:
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;/*** AJAX請求跨域*/
@Configuration
public class CorsConfig extends WebMvcConfigurerAdapter {static final String ORIGINS[] = new String[] { "GET", "POST", "PUT", "DELETE" };@Overridepublic void addCorsMappings(CorsRegistry registry) {registry.addMapping("/**").allowedOrigins("*").allowCredentials(true).allowedMethods(ORIGINS).maxAge(3600);}
增加一個CORSFilter 類,并實現Filter接口即可
import java.io.IOException;import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;/*** * @ClassName: CorsFilter * @Description: SpringBoot 跨域處理攔截器*/@Component
public class CROSFilter implements Filter {public static final Logger logger = LoggerFactory.getLogger(CROSFilter.class);@Overridepublic void init(FilterConfig filterConfig) throws ServletException {// TODO Auto-generated method stub}@Overridepublic void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)throws IOException, ServletException {HttpServletResponse response = (HttpServletResponse) res; HttpServletRequest reqs = (HttpServletRequest) req; /** 跨域設置允所有請求跨域 * 如果允許指定的客戶端跨域設置: http://127.0.0.1:8020*/response.setHeader("Access-Control-Allow-Origin","*"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Content-Type"); if (((HttpServletRequest) req).getMethod().equals("OPTIONS")) {response.getWriter().println("ok");return;}chain.doFilter(req, res); }@Overridepublic void destroy() {// TODO Auto-generated method stub}}
解決遇到的錯誤
1、Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.
怎么解決cors跨域、解決辦法:
response.setHeader("Access-Control-Allow-Headers", "Content-Type");
2、Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
解決辦法:
if (((HttpServletRequest) req).getMethod().equals("OPTIONS")) {response.getWriter().println("ok");return;}
版权声明:本站所有资料均为网友推荐收集整理而来,仅供学习和研究交流使用。
工作时间:8:00-18:00
客服电话
电子邮件
admin@qq.com
扫码二维码
获取最新动态