网络上关于跨域的请求都是把Access-Control-Allow-Origin:*,但是这是否适合所有的场景呢?
package vip.fkandy;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@RestController
public class CorsController {
@GetMapping("/getCookie")
public ResultBean getCookie(@CookieValue(value="cookie1") String cookie){
System.out.println("CorsController.getCookie()");
return new ResultBean("getCookie" + cookie1);
}
}
前端代码略
总结:带cookie的请求跨域是不能把Access-Control-Allow-Origin指定为*号的,修改为
res.addHeader("Access-Control-Allow-Origin","http://localhost:8081");
同时还需要指定Access-Control-Allow-Credentials等于true
package vip.fkandy;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class CrosFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletResponse res = (HttpServletResponse)response;
//支持cookie跨域Access-Control-Allow-Origin必须是全匹配
res.addHeader("Access-Control-Allow-Origin","http://localhost:8081");
//支持cookie跨域,必须指定Access-Control-Allow-Credentials等于true
res.addHeader("Access-Control-Allow-Credentials","true");
res.addHeader("Access-Control-Allow-Methods","*");
res.addHeader("Access-Control-Allow-Headers","Content-Type");
res.addHeader("Access-Control-Max-Age","3600");
chain.doFilter(request,response);
}
}
但是,目前只支持http://localhost:8081一个ip的带cookie跨域请求,如何支持所有域调用呢?
package vip.fkandy;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class CrosFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletResponse res = (HttpServletResponse)response;
HttpServletRequest req = (HttpServletRequest)request;
//支持所有域名跨域
String origin = req.getHeader("Origin");
if(!StringUtils.isEmpty(origin)){
res.addHeader("Access-Control-Allow-Origin",origin);
}
//支持cookie的相应头
res.addHeader("Access-Control-Allow-Credentials","true");
res.addHeader("Access-Control-Allow-Methods","*");
res.addHeader("Access-Control-Allow-Headers","Content-Type");
res.addHeader("Access-Control-Max-Age","3600");
chain.doFilter(request,response);
}
}