关闭

Springmvc 支持 cors跨域请求

2421人阅读 评论(1) 收藏 举报
分类:

1、spring版本 4.3.2 + 

2、xml配置:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:component-scan base-package="xxxx.action" />
<context:annotation-config />
<mvc:annotation-driven />
<mvc:cors>
<mvc:mapping path="/xxxx/xxxx"/>
</mvc:cors>
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver"/>
<!-- 静态资源映射 -->
<mvc:resources mapping="/xxxx/img/**" location="/WEB-INF/img/"/>
</beans>

更复杂的配置:

<mvc:cors>  
  
    <mvc:mapping path="/api/**"  
        allowed-origins="http://domain1.com, http://domain2.com"  
        allowed-methods="GET, PUT"  
        allowed-headers="header1, header2, header3"  
        exposed-headers="header1, header2" allow-credentials="false"  
        max-age="123" />  
  
    <mvc:mapping path="/resources/**"  
        allowed-origins="http://domain1.com" />  
  
</mvc:cors>  


http://www.springframework.org/schema/mvc/spring-mvc.xsd

xsd中可以看到,cors配置各个配置项的默认取值


<xsd:element name="cors">
<xsd:annotation>
<xsd:documentation>
<![CDATA[ Configure cross origin requests processing. ]]>
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:sequence>
<xsd:element name="mapping" minOccurs="1" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Enable cross origin requests processing on the specified path pattern. By default, all origins, GET HEAD POST methods, all headers and credentials are allowed and max age is set to 30 minutes.
]]>
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:attribute name="path" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
A path into the application that should handle CORS requests. Exact path mapping URIs (such as "/admin") are supported as well as Ant-stype path patterns (such as /admin/**).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allowed-origins" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of origins to allow, e.g. "http://domain1.com, http://domain2.com". The special value "*" allows all domains (default).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allowed-methods" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of HTTP methods to allow, e.g. "GET, POST". The special value "*" allows all method. By default GET, HEAD and POST methods are allowed.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allowed-headers" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of headers that a pre-flight request can list as allowed for use during an actual request. The special value of "*" allows actual requests to send any header (default).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="exposed-headers" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of response headers other than simple headers (i.e. Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma) that an actual response might have and can be exposed. Empty by default.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allow-credentials" type="xsd:boolean">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Whether user credentials are supported (true by default).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="max-age" type="xsd:long">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
How long, in seconds, the response from a pre-flight request can be cached by clients. 1800 seconds (30 minutes) by default.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>

0
1

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:7821975次
    • 积分:67122
    • 等级:
    • 排名:第29名
    • 原创:254篇
    • 转载:2716篇
    • 译文:3篇
    • 评论:716条
    文章分类
    最新评论