项目背景
前端 vue
后端 spring security
问题
vue部署的页面调用登录接口一直提示跨域
未使用spring security之前的跨域解决方案
@Slf4j
@Component
public class CrosFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
httpServletResponse.setHeader("Access-Control-Allow-Headers", "accept,content-type," );
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
chain.doFilter(request, httpServletResponse);
}
}
接入spring security之后此方案已失效
百度搜索相关内容,找到一篇文章,文章链接 Spring Security认证
接入到项目中之后,error中提示 allowCredentials为true的情况下,AllowedOrigin不允许使用 “*”,针对此问题做了微小的调整
最终解决方案如下
http.cors().configurationSource(corsConfigurationSource())
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
// 设置允许跨域的站点
// 原文配置
//corsConfiguration.addAllowedOrigin("*");
// 替换为此配置
corsConfiguration.addAllowedOriginPattern("*");
// 设置允许跨域的http方法
corsConfiguration.addAllowedMethod("*");
// 设置允许跨域的请求头
corsConfiguration.addAllowedHeader("*");
// 允许带凭证
corsConfiguration.setAllowCredentials(true);
// 对所有的url生效
UrlBasedCorsConfigurationSource source = new
UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", corsConfiguration);
return source;
}
//corsConfiguration.addAllowedOrigin("*");
// 替换为此配置
corsConfiguration.addAllowedOriginPattern("*");
大功告成,记录一下,百度的想要抓狂!