关于Ajax带自定义头的跨域请求,请往下看:
模拟两种传递header自定义头的方式:
// Cross-origin GET that carries two custom headers, each attached a different way:
//   x-header1 -> through the declarative `headers` option
//   x-header2 -> set on the XHR object inside the `beforeSend` hook
// Neither header is CORS-safelisted, so the browser sends a preflight (OPTIONS)
// request before the real GET.
$.ajax({
    url: base + "/getHeader",
    type: "get",
    headers: { "x-header1": "AAA" },
    beforeSend: function (request) {
        request.setRequestHeader("x-header2", "BBB");
    }
})
接收端:
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
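/**
 * Receiving endpoint for the custom-header cross-origin demo.
 */
@RestController
public class CrosController {

    /**
     * Handles {@code GET /getHeader} and echoes the two custom request headers.
     *
     * <p>Both parameters are bound with {@code @RequestHeader}; without
     * {@code required = false} Spring rejects a request that lacks either header.
     * The values are supplied by the client, so treat them as untrusted input
     * if they are ever used for anything beyond this echo.
     *
     * @param header1 value of the {@code x-header1} request header
     * @param header2 value of the {@code x-header2} request header
     * @return a {@code ResultBean} wrapping "getHeader" followed by both header values
     */
    @GetMapping("/getHeader")
    public ResultBean getHeader(@RequestHeader("x-header1") String header1,
                                @RequestHeader("x-header2") String header2) {
        System.out.println("CrosController.getHeader()");
        return new ResultBean("getHeader" + header1 + " " + header2);
    }
}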
由于请求带有自定义头,浏览器会先发送一个 OPTIONS 预检请求,在该预检请求的请求头中会发现增加了如下:
Access-Control-Request-Headers: x-header1,x-header2
后端需要修改为:
package vip.fkandy;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
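/**
 * Servlet filter that adds CORS response headers so a browser front end on another
 * origin can call this service with the custom headers {@code x-header1} and
 * {@code x-header2}.
 *
 * <p>Security: the {@code Origin} request header is attacker-controlled. Echoing it
 * back together with {@code Access-Control-Allow-Credentials: true} lets any web
 * site issue authenticated requests with the visitor's cookies and read the
 * responses. The origin is therefore matched against an explicit allow-list before
 * any CORS header is emitted.
 *
 * <p>NOTE: {@code HttpServletRequest} needs
 * {@code import javax.servlet.http.HttpServletRequest;}, which the import list of
 * this listing omits.
 */
public class CrosFilter implements Filter {

    // Origins allowed to make credentialed cross-origin calls.
    // PLACEHOLDER value - replace with the real front-end origin(s) of your deployment.
    // java.util types are fully qualified so the listing's import list stays unchanged.
    private static final java.util.Set<String> ALLOWED_ORIGINS =
            java.util.Collections.unmodifiableSet(new java.util.HashSet<>(
                    java.util.Arrays.asList("https://frontend.example.com")));

    /**
     * Adds the CORS headers for allow-listed origins, then continues the chain.
     *
     * @param request  incoming request; cast to {@code HttpServletRequest}
     * @param response outgoing response; cast to {@code HttpServletResponse}
     * @param chain    remaining filter chain, always invoked
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;
        HttpServletRequest req = (HttpServletRequest) request;

        // The response differs per Origin; tell caches so one origin's answer is
        // never served to another.
        res.addHeader("Vary", "Origin");

        String origin = req.getHeader("Origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            // setHeader (not addHeader): a duplicated Allow-Origin value is invalid.
            res.setHeader("Access-Control-Allow-Origin", origin);
            res.setHeader("Access-Control-Allow-Credentials", "true");
            // "*" is not a wildcard on credentialed requests, so list the methods
            // explicitly; trim this list to what the API really exposes.
            res.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
            res.setHeader("Access-Control-Allow-Headers", "Content-Type,x-header1,x-header2");
            // Let the browser cache the preflight result for one hour.
            res.setHeader("Access-Control-Max-Age", "3600");
        }

        chain.doFilter(request, response);
    }
}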
优化写法:
package vip.fkandy;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
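/**
 * Variant of the CORS filter that does not hard-code the permitted request headers:
 * it answers a preflight with whatever the browser listed in
 * {@code Access-Control-Request-Headers}.
 *
 * <p>Security: both {@code Origin} and {@code Access-Control-Request-Headers} are
 * attacker-controlled. Reflecting them unconditionally, combined with
 * {@code Access-Control-Allow-Credentials: true}, removes the cross-origin
 * protection for every site on the internet. Reflection is therefore performed only
 * for origins on an explicit allow-list; a fixed header list is tighter still when
 * the set of custom headers is known.
 *
 * <p>NOTE: {@code HttpServletRequest} needs
 * {@code import javax.servlet.http.HttpServletRequest;}, which the import list of
 * this listing omits.
 */
public class CrosFilter implements Filter {

    // Origins allowed to make credentialed cross-origin calls.
    // PLACEHOLDER value - replace with the real front-end origin(s) of your deployment.
    // java.util types are fully qualified so the listing's import list stays unchanged.
    private static final java.util.Set<String> ALLOWED_ORIGINS =
            java.util.Collections.unmodifiableSet(new java.util.HashSet<>(
                    java.util.Arrays.asList("https://frontend.example.com")));

    /**
     * Adds the CORS headers for allow-listed origins, then continues the chain.
     *
     * @param request  incoming request; cast to {@code HttpServletRequest}
     * @param response outgoing response; cast to {@code HttpServletResponse}
     * @param chain    remaining filter chain, always invoked
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;
        HttpServletRequest req = (HttpServletRequest) request;

        // The response differs per Origin; tell caches so one origin's answer is
        // never served to another.
        res.addHeader("Vary", "Origin");

        String origin = req.getHeader("Origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            // setHeader (not addHeader): a duplicated Allow-Origin value is invalid.
            res.setHeader("Access-Control-Allow-Origin", origin);
            res.setHeader("Access-Control-Allow-Credentials", "true");
            // "*" is not a wildcard on credentialed requests, so list the methods
            // explicitly; trim this list to what the API really exposes.
            res.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");

            // Custom-header requests: mirror the headers named in the preflight,
            // but only for a trusted origin.
            String requestedHeaders = req.getHeader("Access-Control-Request-Headers");
            if (requestedHeaders != null && !requestedHeaders.isEmpty()) {
                res.setHeader("Access-Control-Allow-Headers", requestedHeaders);
            }

            // Let the browser cache the preflight result for one hour.
            res.setHeader("Access-Control-Max-Age", "3600");
        }

        chain.doFilter(request, response);
    }
}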