CORS是一个W3C标准,全称是"跨域资源共享"(Cross-origin resource sharing)。
它允许浏览器向跨源服务器,发出XMLHttpRequest
请求,从而克服了AJAX只能同源使用的限制。
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; // 跨域 String origin = httpRequest.getHeader("Origin"); if (origin == null || origin.trim().length() == 0) { httpResponse.addHeader("Access-Control-Allow-Origin", "*"); } else { httpResponse.addHeader("Access-Control-Allow-Origin", origin); } httpResponse.addHeader("Access-Control-Allow-Headers", "token, Origin, x-requested-with, Content-Type, Accept,X-Cookie,Cookie"); httpResponse.addHeader("Access-Control-Allow-Credentials", "true"); httpResponse.addHeader("Access-Control-Allow-Methods", "GET,POST,PUT,OPTIONS,PATCH,DELETE"); if (httpRequest.getMethod().equals("OPTIONS")) { httpResponse.setStatus(HttpServletResponse.SC_OK); return; } chain.doFilter(request, response); } |
上面代码就是实行跨域访问的后端代码
前端代码网上一大堆,我这里不做搬运工了
亲测试ie10~11,Firefox,Chrome可以
但是IE8不支持cors协议,网上有很多解决方案,但在特定电脑上一直不通过,如果不需要支持ie8的小伙伴可以考虑