全局跨域:
方式1:
springboot2.0
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
//添加映射路径
registry.addMapping("/**")
//表示允许所有的域都可以请求
.allowedOrigins("*")
//表示在3600秒内不需要再发送预校验请求
.maxAge(3600)
//是否发送Cookie信息
.allowCredentials(true)
//表示允许跨域请求的方法
.allowedMethods("GET","POST", "PUT", "DELETE")
//表示允许跨域请求包含content-type
.allowedHeaders("*")
//暴露哪些头部信息(因为跨域访问默认不能获取全部头部信息)
.exposedHeaders("Header1", "Header2");
}
}
方式2:
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
/**
* 跨域配置
*
* @param registry
*/
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
// TODO 这里跨域最好配置域名
.allowedOrigins("*")
.maxAge(3600)
.allowCredentials(true)
.allowedMethods("GET", "POST", "OPTIONS");
}
}
方式3:
@Configuration
public class CorsFilterConfig {
@Bean
public CorsFilter corsFilter() {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
config.setAllowCredentials(true);
config.addAllowedMethod("*");
config.addAllowedHeader("*");
config.addExposedHeader("*");
UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource();
configSource.registerCorsConfiguration("/**", config);
return new CorsFilter(configSource);
}
}
局部跨域:
方式1:在方法上使用注解 @CrossOrigin :
@RequestMapping("/test")
@ResponseBody
//@CrossOrigin("http://localhost:8080")
@CrossOrigin("*")
public String test( ){
return "test";
}
或者在类上使用注解 @CrossOrigin :
@Controller
//@CrossOrigin(origins = "https://xxx.com", maxAge = 7200)
@CrossOrigin(origins = "*", maxAge = 7200)
public class TestController {
@RequestMapping("/test")
@ResponseBody
public String test( ){
return "test";
}
}
方式2:
@RequestMapping("/test")
@ResponseBody
public String test(HttpServletResponse response){
//response.addHeader("Access-Control-Allow-Origin", "http://localhost:8080");
response.addHeader("Access-Control-Allow-Origin", "*");
return "test";
}
在过滤器中将数据返回,跨域需要设置:
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader( "Cache-Control", "no-cache" );