问题
@RequestMapping("/demo")
@RestController
public class CorsTestController {
@GetMapping("/sayHello")
public String sayHello() {
return "hello world !";
}
}
使用js访问报错
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://127.0.0.1:8080/demo/sayHello');
xhr.send(null);
xhr.onload = function(e) {
var xhr = e.target;
console.log(xhr.responseText);
}
结果
Access to XMLHttpRequest at 'http://127.0.0.1:8080/demo/sayHello'
from origin 'https://blog.csdn.net' has been blocked by CORS policy:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
解决
如果一个请求需要允许跨域访问,则需要在http头中设置Access-Control-Allow-Origin来决定需要允许哪些站点来访问。如假设需要允许https://www.dustyblog.c这个站点的请求跨域,则可以设置:
Access-Control-Allow-Origin:https://www.dustyblog.cn
SpringBoot中CrossOrigin
注解可以实现此功能
@RequestMapping("/demo2")
@RestController
//@CrossOrigin //所有域名均可访问该类下所有接口
@CrossOrigin("https://blog.csdn.net") // 只有指定域名可以访问该类下所有接口
public class CorsTest2Controller {
@GetMapping("/sayHello")
public String sayHello() {
return "hello world --- 2";
}
}
参考:
https://www.cnblogs.com/vandusty/p/11408422.html