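The project I'm working on separates the front end from the back end, with a middle layer in between: the front end is a hybrid app that sends Ajax requests to the middle layer, and the middle layer then makes HTTP requests to the back end.
The back end was not modified at all. This solves cross-origin Ajax and the mismatched session after going cross-origin in one go. Tested and working!
I. Cross-origin Ajax requests
This is a Java server-side solution; the requesting side needs no changes.
1. Add the JAR files: cors-filter-1.7.jar and java-property-utils-1.9.jar.
2. Add this configuration to the XML: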
<!-- Cross-origin configuration -->
<filter>
    <!-- The CORS filter with parameters -->
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
    <!-- Note: All parameters are optional; if omitted, the CORS
         Filter will fall back to the respective default values.
    -->
    <init-param>
        <param-name>cors.allowGenericHttpRequests</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowOrigin</param-name>
        <!-- * admits every origin; a whitespace-separated list of origins restricts access -->
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowSubdomains</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportedMethods</param-name>
        <param-value>GET, HEAD, POST, OPTIONS</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportedHeaders</param-name>
        <param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposedHeaders</param-name>
        <!-- Add your own exposed headers here -->
        <param-value>X-Test-1, X-Test-2</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportsCredentials</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>cors.maxAge</param-name>
        <param-value>3600</param-value>
    </init-param>
</filter>
<filter-mapping>
    <!-- CORS Filter mapping -->
    <filter-name>CORS</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
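Note: add it as the first filter.
II. Fixing the session not being shared across origins
1. In the class that implements Filter, add the following code to the doFilter method: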
/* Added because the session is inconsistent after going cross-origin: begin ---- */
HttpServletRequest request2 = (HttpServletRequest) request;
HttpServletResponse response2 = (HttpServletResponse) response;
// Echoes the request's Origin header back, so every origin is accepted, with credentials.
response2.setHeader("Access-Control-Allow-Origin", request2.getHeader("Origin"));
response2.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response2.setHeader("Access-Control-Max-Age", "3600");
response2.setHeader("Access-Control-Allow-Headers", "x-requested-with");
response2.setHeader("Access-Control-Allow-Credentials", "true"); // whether cookies are supported cross-origin
/* ---- end ---- */
2. Add these parameters to the Ajax request:
    xhrFields: {
        withCredentials: true
    },
    crossDomain: true,
Add them before success : function(data) {}.