简单描述下产生跨域的原因:当你在域名A的系统下访问域名为B的系统,这时候就会产生跨域问题。
针对此次在项目中遇到的跨域问题,小小的记录一下解决方法(本人使用的是java语言开发的web应用)。话不多说,撸代码,下面是我写一个自定义Filter(在服务端解决跨域问题),记住要在web.xml中声明Filter。
package com.sf.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import com.sf.common.constants.SymbolConsts;
import com.sf.common.constants.SysConfig;
import com.sf.eomp.allocate.biz.ISysParamSetUpBiz;
/**
* Servlet Filter implementation class MyFilter
*/
public class CrossDomainFilter implements Filter {
private static Logger logger = LoggerFactory.getLogger(CrossDomainFilter.class);
private ISysParamSetUpBiz sysParamSetUpBiz;
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) resp;
HttpServletRequest request = (HttpServletRequest) req;
try {
String corss = getCross(request);
if(StringUtils.isNotBlank(corss)) {
response.setHeader("Access-Control-Allow-Origin", corss);
}
/*String origin = request.getHeader("Origin");
if(StringUtils.isNotBlank(origin)) {
response.setHeader("Access-Control-Allow-Origin", origin); //解决跨域问题 "http://10.118.66.66:8080"
}*/
// response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600"); //设置过期时间
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, client_id, uuid, Authorization");
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // 支持HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // 支持HTTP 1.0. response.setHeader("Expires", "0");
if (RequestMethod.OPTIONS.name().equals(request.getMethod())){//这里通过判断请求的方法,判断此次是否是预检请求,如果是,立即返回一个204状态吗,标示,允许跨域;预检后,正式请求,这个方法参数就是我们设置的post了
response.setStatus(HttpStatus.OK.value()); //HttpStatus.OK = 200
logger.info("==========请求开始 Request Method: OPTIONS requestUrl:{} cookie:{}", request.getRequestURL(), request.getCookies());
// response.getWriter().flush();
}else {
chain.doFilter(req, resp);
}
} catch (Exception e) {
logger.error("获取跨域域名异常:{}", e);
}
}
/**
* 获取可跨域地址
* @param request
* @return
*/
private String getCross(HttpServletRequest request) {
String origin = request.getHeader("Origin");
String crossDomains = sysParamSetUpBiz.getCacheValue(SysConfig.CROSS_DOMAIN_CONFIG);
String[] crossArr = crossDomains.split(SymbolConsts.COMMA);
for(String value : crossArr) {
if(value.equals(origin)) {
return value;
}
}
return null;
}
/**
* Default constructor.
*/
public CrossDomainFilter() {
}
/**
* @see Filter#destroy()
*/
public void destroy() {
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
ServletContext sc = fConfig.getServletContext();
WebApplicationContext context = WebApplicationContextUtils.getWebApplicationContext(sc);
if(context != null && context.getBean("sysParamSetUpBiz") != null && sysParamSetUpBiz == null){
sysParamSetUpBiz = (ISysParamSetUpBiz) context.getBean("sysParamSetUpBiz");
}
}
}
web.xml中添加
<filter>
<filter-name>cors</filter-name>
<filter-class>com.sf.filter.CrossDomainFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
“Access-Control-Allow-Origin"不允许设置为” * ",原因很明显,ajax请求时把withCredentials属性设置为true,会将cookie传到服务器,这时就需要指定域,所以需要替换 " * " 为指定域,为了提高系统安全性,项目中一般也不会设置 * ,建议将允许跨域的域配置在配置文件中,每次请求时匹配访问的域是否存在配置中,成功则将该域设置在下方"http://test.com"处
response.setHeader("Access-Control-Allow-Origin", "http://test.com");
(注:支持withCredentials属性的浏览器有Firefox 3.5+、Safari 4+和Chrome,IE10及更早版本都不支持。因此,如果要求传入cookie并且兼容IE9或更低版本的ie浏览器,可以使用JSONP(目前解决跨域问题的主流处理方式是使用JSONP)
因为我们发送的是带凭据(withCredentials:true)的请求,但服务器的相应中没有包含这个头部,那么浏览器就不会把相应交给JavaScript(于是,responseText中将是空字符串,status的值为0,而且会调用onerror()事件处理程序),这时需要在服务器端设置
response.setHeader("Access-Control-Allow-Credentials", true);
设置完成后,数据请求成功,哈哈!
学习:CORS跨域
希望此文对您有所帮助!