方法一、修改代码
简单的办法是在代码里添加过滤器,过滤器的response进行如下设置
response.setHeader("Access-Control-Allow-Origin", "*");
方法二、修改Tomcat配置
该配置有时不生效
下面介绍的是通过Tomcat配置允许跨域,但是如果代码里没有设置允许跨域该配置不会生效
当我们跨服务器访问时,有时会遇到跨域问题,下面是Apache提供的一种解决跨域的方案,简单粗暴,
直接修改tomcat的conf文件夹下的web.xml文件,在web-app标签里新增下方的过滤规则,
添加后重启tomcat即可
CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins \* cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow-Credentials cors.support.credentials true cors.preflight.maxage 1800 CorsFilter /\*以下是各项参数的详细描述
param-name
description
cors.allowed.origins
A list of origins that are allowed to access the resource. A '’ can be specified to enable access to resource from any origin. Otherwise, a whitelist of comma separated origins can be provided. Ex: http://www.w3.org, https://www.apache.org.Defaults:(Any origin is allowed to access the resource).
cors.allowed.methods
A comma separated list of HTTP methods that can be used to access the resource, using cross-origin requests. These are the methods which will also be included as part of ‘Access-Control-Allow-Methods’ header in a pre-flight response. Ex: GET,POST.**Defaults:**GET,POST,HEAD,OPTIONS
cors.allowed.headers
A comma separated list of request headers that can be used when making an actual request. These header will also be returned as part of ‘Access-Control-Allow-Headers’ header in a pre-flight response. Ex: Origin,Accept.**Defaults:**Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers
cors.exposed.headers
A comma separated list of headers other than the simple response headers that browsers are allowed to access. These are the headers which will also be included as part of ‘Access-Control-Expose-Headers’ header in the pre-flight response. Ex: X-CUSTOM-HEADER-PING,X-CUSTOM-HEADER-PONG.**Default:**None
cors.preflight.maxage
The amount of seconds, browser is allowed to cache the result of the pre-flight request. This will be included as part of ‘Access-Control-Max-Age’ header in the pre-flight response. A negative value will prevent CORS Filter from adding this response header from pre-flight response.**Defaults:**1800
cors.support.credentials
A flag that indicates whether the resource supports user credentials. This flag is exposed as part of ‘Access-Control-Allow-Credentials’ header in a pre-flight response. It helps browser determine whether or not an actual request can be made using credentials.**Defaults:**true
cors.logging.enabled
A flag to control logging to container logs.**Defaults:**false
cors.request.decorate
A flag to control if the request should be decorated or not.**Defaults:**true