nginx配置跨越
location / {
add_header 'Access-Control-AllowOrigin' $http_origin;
add_header 'Access-Control-AllowCredentials' 'true';
add_header 'Access-Control-AllowHeaders' 'DNT,web-token,apptoken,Authorization,Accept,Origin,KeepAlive,User-Agent,X-Mx-ReqToken,X-DataType,X-Auth-Token,X-Requested-With,IfModified-Since,Cache-Control,ContentType,Range';
add_header Access-Control-AllowMethods 'GET,POST,OPTIONS';
#如果预检请求则返回成功,不需要转发到后端
if ($request_method = 'OPTIONS') {
#有效时间20天
add_header 'Access-Control-Max-Age'1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 200;
}
}
拦截器配置跨域
一般都是单独创一个类配置跨域 而不是在每个controller上的每个接口上加跨越信息
//配置跨域
public class CorsInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//表示接受任意域名的请求,也可以指定域名
response.setHeader("Access-Control-Allow-Origin", request.getHeader("origin"));
//该字段可选,是个布尔值,表示是否可以携带cookie
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "*");
//这里可以不加,但是其他语言开发的话记得处理options请求
/**
* 非简单请求是对那种对服务器有特殊要求的请求,
* 比如请求方式是PUT或者DELETE,或者Content-Type字段类型是application/json。
* 都会在正式通信之前,增加一次HTTP请求,称之为预检。浏览器会先询问服务器,当前网页所在域名是否在服务器的许可名单之中,
* 服务器允许之后,浏览器会发出正式的XMLHttpRequest请求
*/
if(HttpMethod.OPTIONS.toString().equals(request.getMethod())){
return true;
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
}
拦截器
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
@Bean
CorsInterceptor corsInterceptor(){
return new CorsInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
/**
* 拦截全部路径,这个跨域需要放在最上面
*/
registry.addInterceptor(corsInterceptor()).addPathPatterns("/**");
WebMvcConfigurer.super.addInterceptors(registry);
}
}