1. 问题概述
采用前后端分离的模式开发,在其他电脑上访问网页的时候,与后段交互出现跨域报错,报错内容如下。在网上找了许多资料后,通过拦截器的方式解决问题,在此记录一下。
注:这里说的是基于配置拦截器后,因为拦截器导致的跨域问题的解决方式,关于常见CORS的解决方案,见Springboot2.0解决跨域问题
- 报错记录
Request header field token is not allowed by Access-Control-Allow-Headers in preflight response.
2. 解决方式
2.1 新建一个拦截器
@Component
public class CORSInterceptor implements HandlerInterceptor{
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Allow-Headers", "*"); // 也可以写为传输的key,如token
response.setHeader("Access-Control-Expose-Headers", "*");
return true;
}
}
2.2 配置拦截器
package com.cn.boe.b7.cim.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import com.cn.boe.b7.cim.interceptor.AuthorityHandlerInterceptor;
import com.cn.boe.b7.cim.interceptor.CORSInterceptor;
/**
* 配置拦截器
*
* @author 1218480
*
*/
@Configuration
@CrossOrigin
public class AuthorityConfigurer implements WebMvcConfigurer {
@Autowired
private CORSInterceptor corsInterceptor;
// 用来注册拦截器,我们自己写好的拦截器需要通过这里添加注册才能生效
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(corsInterceptor).addPathPatterns("/**"); // 一定要把解决跨域的拦截器配置在其他拦截器前,否则不生效
}
}
以上,问题解决
3.firefox支持
以上方式,经测试解决了chrome浏览器时的问题,但未解决firefox浏览时的跨域问题。要解决此问题,在response的header的Access-Control-Allow-Headers中加入Content-Type。因我后台要进行token验证,所以也加入token,拦截器代码修改如下
package com.cn.boe.b7.cim.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
@Component
public class CORSInterceptor implements HandlerInterceptor{
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Allow-Headers", "Content-Type,token");//这里“token”是我要传到后台的内容key
response.setHeader("Access-Control-Expose-Headers", "*");
return true;
}
}