第一步:springsecurity 配置类中实现
httpSecurity.cors().and()
// CRSF禁用,因为不使用session
.csrf().disable()
第二步:WebMvcConfigurationSupport 中处理跨域路径
@Configuration
public class CustomizeWebMvcConfigurationSupport extends WebMvcConfigurationSupport {
private CorsConfiguration buildConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
corsConfiguration.addExposedHeader("Authorization");
return corsConfiguration;
}
/**
* 跨域问题
* @return
*/
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", buildConfig());
return new CorsFilter(source);
}
/**
* 跨域问题
* @return
*/
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowCredentials(true)
.allowedMethods("GET", "POST", "DELETE", "PUT")
.maxAge(3600);
}
}
如果涉及到NGINX配置 需要添加一下配置
location / {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
try_files $uri $uri/ /index.html;
}
try_files $uri $uri/ /index.html; 这段配置为VUE 首页的跳转路径默认配置