趁今天有空,记录一下自己在做项目的时候遇到的问题吧
项目场景:
我把自己做的停车场项目,改造成Springcloud微服务中遇到的问题
问题描述:
一:前后端跨域问题
前后端跨域是很常见的问题吧,在之前使用SSM框架时,我是通过后端设置请求头来解决的,代码如下,可以成功解决。
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
httpResponse.addHeader("Access-Control-Allow-Origin", request.getHeader("origin"));
//httpResponse.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
httpResponse.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,access_token,refresh_token");
httpResponse.setHeader("Access-Control-Allow-Methods", "GET, PUT, DELETE, POST");
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpResponse.setHeader("Access-Control-Max-Age", "0");
httpResponse.setContentType("text/html;charset=UTF-8");
httpResponse.setHeader("XDomainRequestAllowed","1");
filterChain.doFilter(servletRequest, servletResponse);
}
本来单体应用设置过滤器就可以了,因为我是改造成微服务架构,使用zuul网关进行过滤,并且把它设置成在路由之前调用,一级执行,然后问题由此产生了。我使用postman测试是没有问题的,但是在前端使用Ajax请求时,就会产生跨域问题,当时百思不得其解。附上我的网关跨域过滤器代码
@Component //跨域过滤器
public class TokenFilter extends ZuulFilter {
@Override
public String filterType() {
return FilterConstants.PRE_TYPE; //在请求被路由之前调用
}
@Override
public int filterOrder() {
//filter一级执行
return FilterConstants.PRE_DECORATION_FILTER_ORDER-1;
}
@Override
public boolean shouldFilter() {
return true;
}
@Override
public Object run() throws ZuulException {
//获取请求的对香
RequestContext requestContext = RequestContext.getCurrentContext();
HttpServletRequest request = requestContext.getRequest();
HttpServletResponse httpResponse = requestContext.getResponse();
//配置请求头
httpResponse.addHeader("Access-Control-Allow-Origin", request.getHeader("origin"));
//httpResponse.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
httpResponse.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,access_token,refresh_token");
httpResponse.setHeader("Access-Control-Allow-Methods", "GET, PUT, DELETE, POST,OPTIONS");
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpResponse.setHeader("Access-Control-Max-Age", "0");
httpResponse.setContentType("text/html;charset=UTF-8;application/json;x-www-form-urlencoded");
httpResponse.setHeader("XDomainRequestAllowed","1");
httpResponse.setHeader("X-Content-Type-Options","no-sniff");
//跨域一共进行两次请求 先发送options 是否可以请求
//调试可发现一共拦截两次 第一次请求为options,第二次为正常的请求 eg:get请求
if ("OPTIONS".equalsIgnoreCase(request.getMethod())){
requestContext.setSendZuulResponse(false);//验证请求不进行路由
requestContext.setResponseStatusCode(HttpStatus.OK.value());//返回验证成功的状态码
requestContext.set("isSuccess",true);
return null;
}
//第二次请求
//无需token验证
requestContext.setSendZuulResponse(true);//对请求进行路由
requestContext.setResponseStatusCode(HttpStatus.OK.value());
requestContext.set("isSuccess",true);
return null;
}
}
原因分析:
在chrome进行调试,发现Network中"Access-Control-Allow-Origin"中设置了两次???
发现 “Access-Control-Allow-Origin” :"*"???(找不到截图了抱歉)
小tips:设置为*代表着所有域名都可以访问,一般这么设置是可以的,但是我这么设还是会跨越,而且不安全。
但是我在过滤器中已经设置的是 httpResponse.addHeader(“Access-Control-Allow-Origin”, request.getHeader(“origin”));
即首先动态的获取然后再允许访问
解决方案:
不断的debug然后发现,我是在controller层又加了一个@CrossOrigin注解(被自己蠢哭),因为没有配置注解,所以他又给我改成了**“Access-Control-Allow-Origin” :"*"**。
删掉注解,问题解决。希望对有和我一样问题的小伙伴有帮助吧。