用@CrossOrigin
springboot2 的 @CrossOrigin 的 allowCredentials默认不为true(字符串),不开启
开启 allowCredentials=“true” 后 Origin不能等于"*"
本地html的Origin=“null”
让本地html可以访问的方法为👇
@CrossOrigin(allowCredentials = "true" , origins = "null" )
用HttpFilter
在 @SpringBootApplication 旁添加 @org.springframework.boot.web.servlet.ServletComponentScan
@org.springframework.boot.web.servlet.ServletComponentScan
Filter👇
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
/**
* 用于跨域的Filter
* 在启动方法添加 @org.springframework.boot.web.servlet.ServletComponentScan
*/
@javax.servlet.annotation.WebFilter(urlPatterns="/*")
public class 跨域 extends HttpFilter{
private static final long serialVersionUID = 1L;
@Override
protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
// System.out.println("执行跨域Filter 的 doFilter()方法");
// if("OPTIONS".equals(request.getMethod())){
if(true) {
String origin = request.getHeader("origin");
response.setHeader("Access-Control-Allow-Headers", "access-control-allow-origin, content-type, *");
response.setHeader("Access-Control-Allow-Origin", origin); //allow-origin 只允许有一个
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH");
}
super.doFilter(request, response, chain);
}
}