在项目当中,现在开发都是前后端分离,有时候会产生请求的跨域,这个时候一般的解决方案有两种,一种是基于nginx进行跨域配置,还有一种是后端通过实现filter来允许跨域,下面看一下通过filter实现的跨域代码:
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
//设置请求允许跨域
response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, request.getHeader("Origin"));
response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
//设置跨域-方法OK
response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, StringUtil.join(RequestMethod.values()));
//设置跨域-请求头
response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, StringUtil.join(new String[]{
HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS,
HttpHeaders.CONTENT_TYPE,
HttpHeaders.ACCEPT,
HttpHeaders.ORIGIN}));
/**
* 预检查后,在 3600s 内不需要再预检查,直接进行请求
*/
response.setHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "3600");
/**
* POST @RequestBody 类型参数接口会发一次 {@link RequestMethod#OPTIONS} 方式的请求进行预检查
* 需要捕获(否则后端{@link HttpServletRequest#getRequestURI()} 没有对应的 {@link RequestMethod.OPTIONS} 请求方式)
* 捕获后返回 {@link HttpStatus#SC_NO_CONTENT} 请求码即可
*/
if (RequestMethod.OPTIONS.name().equals(request.getMethod())) {
response.setStatus(HttpStatus.SC_NO_CONTENT);
} else {
chain.doFilter(req, res);
}
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}