跨域之CorsFilter
https://blog.csdn.net/weixin_52236586/article/details/130047812
Spring Cloud 解决跨域
https://www.cnblogs.com/javastack/p/17701725.html
Spring 5 Webflux中,配置CORS,可以通过自定义WebFilter实现
https://www.jb51.net/article/217467.htm
跨域处理 GlobalCorsConfig
@Configuration
public class GlobalCorsConfig { // https://www.freesion.com/article/1770121686
@Bean
public FilterRegistrationBean corsFilter() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOriginPattern("*");
//config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*"); //GET,HEAD,POST,OPTIONS,DELETE
config.setMaxAge(1800L); //设置时长
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean cros = new FilterRegistrationBean(new CorsFilter(source));
//设置优先级最高
cros.setOrder(Ordered.HIGHEST_PRECEDENCE);
return cros;
}
}
SpringBoot 跨域配置类 过滤器跨域配置
//public class GlobalCorsConfig implements Filter {
//
// @Override
// public void init(FilterConfig filterConfig) throws ServletException {
//
// }
//
// @Override
// public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
// throws IOException, ServletException {
//
// HttpServletRequest request = (HttpServletRequest) servletRequest;
// HttpServletResponse response = (HttpServletResponse) servletResponse;
// response.setContentType("textml;charset=UTF-8");
// response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
// response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
// response.setHeader("Access-Control-Max-Age", "0");
// response.setHeader("Access-Control-Allow-Headers","Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token");
// response.setHeader("Access-Control-Allow-Credentials", "true"); // 是否支持cookie跨域
// response.setHeader("XDomainRequestAllowed", "1");
// filterChain.doFilter(servletRequest, servletResponse);
//
// }
//
// @Override
// public void destroy() {
//
// }
//}
webmvc
@Configuration
public class GlobalCorsConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")//所有接口都支持跨域
.allowedOrigins("*")//所有地址都可访问
.allowCredentials(true)
.allowedMethods("*")//"GET","HEAD","POST","PUT","DELETE","OPTIONS"
.maxAge(3600);//允许跨域时间
}
}
配置方法3
public class GlobalCorsConfig {
@Bean
public CorsFilter corsFilter() {
//1. 添加 CORS配置信息
CorsConfiguration config = new CorsConfiguration();
//放行哪些原始域
config.addAllowedOrigin("*");
//是否发送 Cookie
config.setAllowCredentials(true);
//放行哪些请求方式
config.addAllowedMethod("*");
//放行哪些原始请求头部信息
config.addAllowedHeader("*");
config.setMaxAge(Duration.ofHours(6));
config.addExposedHeader("Content-Type");
config.addExposedHeader("X-Requested-With");
config.addExposedHeader("accept");
config.addExposedHeader("Origin");
config.addExposedHeader("Access-Control-Request-Method");
config.addExposedHeader("Access-Control-Request-Headers");
//2. 添加映射路径
UrlBasedCorsConfigurationSource corsConfigurationSource = new UrlBasedCorsConfigurationSource();
corsConfigurationSource.registerCorsConfiguration("/**", config);
//3. 返回新的CorsFilter
return new CorsFilter(corsConfigurationSource);
}
@Bean
public FilterRegistrationBean corsFilterRegistration() {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(corsFilter());
registration.addUrlPatterns("/*");
registration.setName("corsFilter");
registration.setOrder(-99999);
return registration;
}
}
问题
has been blocked by CORS policy: Response to preflight request doesn‘t pass access control check 报错
由于浏览器将CORS请求分为两类:简单请求(simple request)和非简单请求(not-simple-request)。非简单请求 会在正式通信之前,增加一次HTTP请求,称之为预检请求。浏览器会先发起OPTIONS方法到服务器,以获知服务器是否允许该实际请求。
这是在第一次预请求时候没有请求成功,预请求不成功。
第一,先找到后台对应的接口,让后台去检查接口是否有抛出异常但是没有正常捕获。
第二,前端vue中注意点是请求的时候有没有使用content-type:application/json还有qs.string()
链接:https://www.jianshu.com/p/a2fd613a825c
CORS支持所有类型的HTTP请求,是跨域HTTP请求的根本解决方案
JSONP只支持GET请求,JSONP的优势在于支持老式浏览器,以及可以向不支持CORS的网站请求数据。
不管是Node中间件代理还是nginx反向代理,主要是通过同源策略对服务器不加限制。
前端
login.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>SSO服务</title>
<script type="text/javascript" src="https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js"></script>
<script type="text/javascript" src="./login.js"></script>
</head>
<body>
<h3>SSO登录 参数: {"account":"15029200344", "password":"123456", "captcha": "", "captchaType": 0}</h3>
<form id="loginForm">
<div>
用户名:<input id="account" type="text" value="15029200344" size=30 placeholder="输入用户名"/>
密码:<input id="password" type="password" value="123456" placeholder="输入密码"/>
<button id="submit" type="button">登录</button>
</div>
</form>
</body>
</html>
login.js
$(function () {
//给登录按钮绑定单击事件
console.log("---start-----")
var account = $("#account").val().trim();
var password = $("#password").val().trim();
console.log("account:" + account + ", password:" + password)
var token = "";
$("#submit").click(function () {
//2.发送ajax请求,提交表单数据
// $.post("/sso/login"), $("#loginForm").serialize(), function (data){ console.log(data) }
var dataForm = {
"account": account,
"password": password,
"captcha": "",
"captchaType": 0
}
// http://localhost:8101/sso/login
$.ajax({
url: "/sso/login",
type: "post",
headers: {
"Authorization": "Bearer " + token,
"token": token
},
contentType: "application/json;charset=utf-8",
//dataType: "json",
data: JSON.stringify(dataForm),
beforeSend: function(req){
console.log(window.location)
//console.log(req)
},
success: function (rsp) {
//debugger
console.log(JSON.stringify(rsp))
if (rsp.code == 200) {
token = rsp.data.token
//window.location = "/index.html"
}
},
error() {
console.log("error1")
}
});
});
});
参考资料
跨域处理 SpringBoot、SpringMVC、SpringSecurity
https://zszxz.com/article/213
Spring Security拦截器引起Java CORS跨域失败的问题及解决
http://www.cppcns.com/ruanjian/java/409340.html
https://www.jb51.net/article/217619.htm
九种跨域方式实现原理
https://blog.csdn.net/qq_42380656/article/details/96479597