最近由于业务需要,在子系统通过跨域请求获取总系统上的数据。
踩坑1:
前端需要设置跨域条件如:
1.ajax:
$.ajax({
url: 'http://127.0.0.1:8082/uc/auth?callback=call',
type: 'get',
dataType: 'jsonp', // 请求方式为jsonp
crossDomain: true,//跨域
xhrFields:{
withCredentials:true
},//跨域
crossDomain:true,跨域
success: function(data) {
},
data: {}
});
2.通过过滤器
/*自定义拦截器 用于给每个都加上跨域的头*/
public class CORSFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
//变成http的
HttpServletResponse resp = (HttpServletResponse) response;
// 添加参数,允许任意domain访问
resp.setContentType("text/html;charset=UTF-8");
//禁用缓存,确保网页信息是最新数据
resp.setHeader("Pragma","No-cache");
resp.setHeader("Cache-Control","no-cache");
resp.setHeader("Access-Control-Allow-Origin", "*");
resp.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, HEAD, DELETE, PUT");
resp.setHeader("Access-Control-Max-Age", "3600");
resp.setHeader("Access-Control-Allow-Headers",
"X-Requested-With, Content-Type, Authorization, Accept, Origin, User-Agent, Content-Range, Content-Disposition, Content-Description");
resp.setDateHeader("Expires", -10);
chain.doFilter(request, resp);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
坑2:
返回数据需要通过函数操作:
服务端接收函数:
@GetMapping("/auth")
public String auth(String callback) {
if (notAllowAuth()) {
return "禁止该网点单点登录";
}
return callback + "('" + token + "')";
}
返回的是callback函数
function call(username, token) {
console.log(username);
console.log(token);
document.cookie="x-token="+token;
}