The project's backend reads the token from the "token" field of the request header:
String token = request.getHeader("token");
The front-end ajax request fails with:
from origin 'http://192.168.1.100:8020' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
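Put simply: when a cross-origin request carries a custom request header, such as an added "token" field, the browser first sends a preflight request (an OPTIONS request) to ask the server whether the real request is allowed. If the server has not been configured for cross-origin access, the error above appears, because "token" is not among the headers the server accepts and so is not recognized.
Solution:
1. Add the jar dependency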
<dependency>
  <groupId>com.thetransactioncompany</groupId>
  <artifactId>cors-filter</artifactId>
</dependency>
2. Add the CORS filter configuration to web.xml:
<filter>
  <filter-name>CORS</filter-name>
  <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
  <init-param>
    <param-name>cors.allowOrigin</param-name>
    <param-value>*</param-value>
  </init-param>
  <init-param>
    <param-name>cors.supportedMethods</param-name>
    <param-value>GET, POST, HEAD, PUT, DELETE</param-value>
  </init-param>
  <init-param>
    <param-name>cors.supportedHeaders</param-name>
    <param-value>token, Accept, Origin, X-Requested-With, Content-Type, Last-Modified</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposedHeaders</param-name>
    <param-value>Set-Cookie</param-value>
  </init-param>
  <init-param>
    <param-name>cors.supportsCredentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.maxAge</param-name>
    <param-value>3600</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CORS</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
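Note:
A custom request header also means the front end sends two requests each time: one OPTIONS preflight request and one normal request. Preflighting every request is time-consuming, so we can configure preflight caching in web.xml: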
<init-param>
  <param-name>cors.maxAge</param-name>
  <param-value>3600</param-value>
</init-param>
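
The preflight check described above, modelled as an added example (not code from the original post or from the CORS Filter project). The function names, the request object shape and the sample response are assumptions; the response is constructed from the origin in the error message and the supportedMethods and supportedHeaders values in the web.xml.

```javascript
// Added example (hypothetical names): simplified model of the browser's preflight check.
const SAFELISTED_METHODS = ["GET", "HEAD", "POST"];

// Split a comma-separated header value into trimmed, lower-cased tokens.
function tokens(value) {
  return (value || "").split(",").map((t) => t.trim().toLowerCase()).filter(Boolean);
}

// req:  { origin, method, headers, credentials }; headers holds the names the
//       browser sends in Access-Control-Request-Headers, e.g. "token".
// resp: preflight response headers, keys lower-cased.
function checkPreflight(req, resp) {
  const allowOrigin = resp["access-control-allow-origin"];
  if (!allowOrigin) {
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (req.credentials) {
    // With credentials the origin must match exactly; "*" is not accepted.
    if (allowOrigin !== req.origin) {
      return { allowed: false, reason: "origin not allowed with credentials" };
    }
    if (resp["access-control-allow-credentials"] !== "true") {
      return { allowed: false, reason: "credentials not allowed" };
    }
  } else if (allowOrigin !== "*" && allowOrigin !== req.origin) {
    return { allowed: false, reason: "origin not allowed" };
  }
  const wildcard = !req.credentials; // "*" in a list only counts without credentials
  const methods = tokens(resp["access-control-allow-methods"]);
  if (!SAFELISTED_METHODS.includes(req.method.toUpperCase()) &&
      !methods.includes(req.method.toLowerCase()) && !(wildcard && methods.includes("*"))) {
    return { allowed: false, reason: "method not allowed: " + req.method };
  }
  const allowedHeaders = tokens(resp["access-control-allow-headers"]);
  for (const name of req.headers.map((h) => h.toLowerCase())) {
    if (!allowedHeaders.includes(name) && !(wildcard && allowedHeaders.includes("*"))) {
      return { allowed: false, reason: "header not allowed: " + name };
    }
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample: the page's request and a response built from its web.xml values.
const request = { origin: "http://192.168.1.100:8020", method: "GET", headers: ["token"], credentials: true };
const configured = {
  "access-control-allow-origin": "http://192.168.1.100:8020",
  "access-control-allow-credentials": "true",
  "access-control-allow-methods": "GET, POST, HEAD, PUT, DELETE",
  "access-control-allow-headers": "token, Accept, Origin, X-Requested-With, Content-Type, Last-Modified",
};
```

Because a browser rejects Access-Control-Allow-Origin: * on a credentialed request, a server that combines "allow any origin" with credentials has to echo the caller's Origin, which lets every site make credentialed calls. Listing the front end's origin (here http://192.168.1.100:8020) in cors.allowOrigin instead of * keeps the allowance to that one origin.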