跨域问题
response.setHeader(“Access-Control-Allow-Origin”, “*”);
response.setHeader(“Access-Control-Allow-Methods”, “POST, GET, OPTIONS, DELETE”);
response.setHeader(“Access-Control-Allow-Headers”, “x-requested-with”);
在服务器端加上以上代码就可以了,主要是第一行允许其它域名的访问。
后台设置代码与拦截器
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class AuthFilter implements Filter {
private String localLoginUrl;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
this.localLoginUrl = filterConfig.getInitParameter("localLoginUrl");
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
request.setCharacterEncoding(localLoginUrl);
httpResponse.setContentType("text/html;charset="+localLoginUrl);
httpResponse.setHeader("Pragma","No-cache");
httpResponse.setHeader("Cache-Control","no-cache");
httpResponse.setDateHeader("Expires", 0);
httpResponse.setHeader("Access-Control-Allow-Origin", httpRequest.getHeader("Origin"));
httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
httpResponse.setHeader("Access-Control-Max-Age", "3600");
httpResponse.setHeader("Access-Control-Allow-Headers", "x-requested-with");
httpResponse.setHeader("Access-Control-Allow-Credentials","true");
chain.doFilter(request, response);
}
public void destroy() {}
}
同时客户端请求代码中添加
如 Angular 中
app.config(function ($httpProvider) {
$httpProvider.defaults.withCredentials = true;
});
session失效问题:
在我们每一次的数据请求中,浏览器都会向后台发送一个JSession,后台会根据这个值自动查找Id为JSession的那个session对象。但是当跨域时,JSession的值每次都会改变,后台就会以为是新的一个会话打开,于是又去创建了一个新的Session对象,而原来的Session对象就找不到了。
当我们登录成功后保存一个token到session中去,下一个请求来的时候又会重建一个session,原来的session就取不到了,于是还是未登录状态。解决这个问题只要加上这句就可以了:
response.setHeader(“Access-Control-Allow-Credentials”,”true”); //是否支持cookie跨域
配置了allow-credentials之后,如果allow-origin设为*,跨域时会报错说因为允许credentials,origin不能设为通配*,那么就设置为当前domain。
response.setHeader(“Access-Control-Allow-Origin”, request.getHeader(“Origin”));