解决浏览器跨域请求session同步问题

最新推荐文章于 2022-07-28 16:19:39 发布

peng_wei_kang

最新推荐文章于 2022-07-28 16:19:39 发布

阅读量3.3k

点赞数 1

分类专栏： Java JavaScript 文章标签：跨域请求 cookie同步 SpringBoot跨域

本文链接：https://blog.csdn.net/peng_wei_kang/article/details/80978847

版权

Java 同时被 2 个专栏收录

14 篇文章 0 订阅

订阅专栏

JavaScript

8 篇文章 3 订阅

订阅专栏

浏览器存在跨域请求

浏览器存在跨域请求问题主要来源于一下几点：

    1.浏览器自身存在安全性校验。
    2.数据请求的域名与网页加载域名不同。
    3.数据请求的端口与网页加载的端口不一致。

传统解决办法如下：

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Component;

public class SimpleCORSFilter implements Filter {
	
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request=  (HttpServletRequest)req;
        response.setHeader("Access-Control-Allow-Credentials","true");//允许跨域加载
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with");//ajax请求
        chain.doFilter(req, res);
    }

    public void init(FilterConfig filterConfig) {
    }

    public void destroy() {}

}

web.xml配置如下：

 <filter>  
     <filter-name>SimpleCORSFilter</filter-name>  
     <filter-class>com.goldenbridge.recognizesystem.utils.SimpleCORSFilter</filter-class>  
  </filter>  
  <filter-mapping>  
      <filter-name>SimpleCORSFilter</filter-name>  
      <url-pattern>/*</url-pattern>  
  </filter-mapping>

如果是SpringBoot框架（较高版本）可用一下办法解决：

package cn.pwk.antfirst.config;

import org.springframework.context.annotation.Bean;  
import org.springframework.context.annotation.Configuration;  
import org.springframework.web.cors.CorsConfiguration;  
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;  
import org.springframework.web.filter.CorsFilter;  

/**
*@author		create by pengweikang
*@date		2018年7月9日--下午5:01:28
*@problem
*@answer
*@action
*/

@Configuration
public class CorsConfig {
	
	private CorsConfiguration buildConfig() {  
        CorsConfiguration corsConfiguration = new CorsConfiguration();  
        corsConfiguration.addAllowedOrigin("*"); // 1允许任何域名使用
        corsConfiguration.addAllowedHeader("*"); // 2允许任何头
        corsConfiguration.addAllowedMethod("*"); // 3允许任何方法（post、get等） 
        return corsConfiguration;  
    }  
  
    @Bean  
    public CorsFilter corsFilter() {  
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();  
        source.registerCorsConfiguration("/**", buildConfig()); // 4  
        return new CorsFilter(source);  
    }  

}

session同步问题

说白了session同步问题就是浏览器cookie跨域共享问题，如果跨域时cookie共享，那么session就会同步，Jquery ajax请求添加以下配置（加粗部分）可使cookie跨域共享：

$.ajax({
             type: "POST",
             url: window.ServiceUrl+"/custom/clientLogin",
             crossDomain: true,
             xhrFields: { withCredentials: true },
             data: {username:loginName,password:password},
             dataType : "json",
             success: function(respMsg){
                       //正常操作
             },
             error:function(){
                 //异常操作
             }
         });

Angularjs cookie跨域同步配置（加粗部分）如下：

$http({
            method: 'POST',
            cache: false,
            withCredentials: true,
            url: ServiceUrl + '/fmsysuser/' + userId + '/client',
            headers: {'Content-Type': 'application/x-www-form-urlencoded'}
        }).then(function successCallback(res) {
                //正常处理
        },function error(resp){
            //异常处理,返回登录页
            $window.location.href="mlogin.html";
        });