1 入门干货 http://blog.csdn.net/isea533/article/details/50449907 --Spring MVC 4.2 增加 CORS 支持 --必看
http://blog.csdn.net/wabiaozia/article/details/78771709 --我写的跨域小结 --必看
跨域CORS和防止CSRF的几种方式:https://my.oschina.net/hosee/blog/903665 --必看
https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Access_control_CORS
2 https://my.oschina.net/hehongbo/blog/779802
3 http://www.imooc.com/article/7719
4 几种解决方案http://www.cnblogs.com/mafly/p/cors.html
5 代码干货 http://www.jianshu.com/p/d05303d34222
6 当然最好还是看官方文档 springmvc4.3.4 第27条 http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/
7 token 问什么放在header?http://blog.csdn.net/wabiaozia/article/details/75196787
8 几种跨域方式--阮一峰
http://www.ruanyifeng.com/blog/2016/04/same-origin-policy.html 浏览器同源政策及其规避方法
http://www.ruanyifeng.com/blog/2016/04/cors.html 跨域资源共享 CORS 详解
开发文档 https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS(预请求和真正发送请求)
附录
请求的流程先经过filter再到sevlet(doget dopost),web.xml中元素执行的顺序listener->filter->struts拦截器->servlet。
http://blog.csdn.net/wabiaozia/article/details/77124176
Tomcat源码分析(二)------ 一次完整请求的里里外外 http://blog.csdn.net/cutesource/article/details/5040417
Servlet中的过滤器Filter详解 http://blog.csdn.net/sd0902/article/details/8395641
spingMVC 3.X跨域?
如何支持复杂跨域 http://www.cnblogs.com/asfeixue/p/4363372.html
public class CrossInterceptor extends HandlerInterceptorAdapter { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { response.addHeader("Access-Control-Allow-Origin","*"); response.addHeader("Access-Control-Allow-Methods","*"); response.addHeader("Access-Control-Max-Age","100"); response.addHeader("Access-Control-Allow-Headers", "Content-Type"); response.addHeader("Access-Control-Allow-Credentials","false"); return super.preHandle(request, response, handler); } }
<mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**/*"/> <bean class="cn.***.filter.CrossInterceptor" /> </mvc:interceptor> </mvc:interceptors>
public class CrossFilter extends OncePerRequestFilter { @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) { // CORS "pre-flight" request response.addHeader("Access-Control-Allow-Origin", "*"); response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); response.addHeader("Access-Control-Allow-Headers", "Content-Type"); response.addHeader("Access-Control-Max-Age", "1800");//30 min } filterChain.doFilter(request, response); } }
<filter> <filter-name>cors</filter-name> <filter-class>cn.***.filter.CrossFilter</filter-class> </filter> <filter-mapping> <filter-name>cors</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
- springMVC 4.X跨域
升级spring版本的后,上述跨域并不支持所有浏览器。经测试,Safari正常,chrome异常。重新翻了一下最新的文档后,得到最新的跨域配置如下:
<mvc:cors> <mvc:mapping path="/**" allowed-origins="*" allow-credentials="true" max-age="1800" allowed-methods="GET,POST,OPTIONS"/> </mvc:cors>
相比3.x系列,简单了很多
OncePerRequestFilter的作用
Spring MVC中各个filter的用法