When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
When configuring CORS, change the original
    configuration.addAllowedOrigin("*");
to
    configuration.addAllowedOriginPattern("*");
First configuration method:
Configuration code:
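    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.cors.CorsConfiguration;
    import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
    import org.springframework.web.filter.CorsFilter;

    @Configuration
    public class CorsConfig {
        private CorsConfiguration buildConfig() {
            CorsConfiguration configuration = new CorsConfiguration();
            // Set the properties
            // Allow every cross-origin request address; * means all
            configuration.addAllowedOriginPattern("*");
            // Configure the allowed cross-origin request headers
            configuration.addAllowedHeader("*");
            // Configure the allowed cross-origin request methods
            configuration.addAllowedMethod("*");
            // Whether cross-origin requests use the same session (credentials such as cookies are sent)
            configuration.setAllowCredentials(true);
            return configuration;
        }

        // Load the configuration above
        @Bean
        public CorsFilter corsFilter() {
            UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
            source.registerCorsConfiguration("/**", buildConfig());
            return new CorsFilter(source);
        }
    }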
Second cross-origin configuration method: (using an annotation, configured on the Controller)
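    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.CrossOrigin;
    import org.springframework.web.bind.annotation.RequestMapping;

    @Controller
    // CORS settings here apply only to the handlers of this controller
    @CrossOrigin(originPatterns = "*", allowedHeaders = "*", methods = {}, allowCredentials = "true")
    public class TestController {
        @RequestMapping("auth/login")
        public String hello() {
            System.out.println("hello");
            return "";
        }
    }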
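The main difference between the two:
Configuring a CORS Config class makes the cross-origin setting global.
The annotation is limited to that one controller class, so it has to be configured on each controller one by one.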
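
With the pattern "*" and allowCredentials set to true, Spring echoes whatever Origin the request sends, so every site may make credentialed requests to the application. The following added example (not code from the original post) compares the rejected setting, the wildcard pattern and a narrower origin list using CorsConfiguration's own checks. It assumes spring-web 5.3 or later on the classpath, and all origins in it are hypothetical.

```java
import java.util.List;
import org.springframework.web.cors.CorsConfiguration;

// Added example; needs spring-web 5.3+ on the classpath. All origins are hypothetical.
public class CorsOriginCheckDemo {

    // The article's setting: pattern "*" with credentials enabled.
    static CorsConfiguration wildcardPattern() {
        CorsConfiguration c = new CorsConfiguration();
        c.addAllowedOriginPattern("*");
        c.setAllowCredentials(true);
        return c;
    }

    // Narrower alternative: only named origins may send credentialed requests.
    static CorsConfiguration restricted() {
        CorsConfiguration c = new CorsConfiguration();
        c.setAllowedOriginPatterns(List.of(
                "https://app.example.com",
                "https://*.internal.example.com"));
        c.setAllowedMethods(List.of("GET", "POST"));
        c.setAllowedHeaders(List.of("Content-Type", "Authorization"));
        c.setAllowCredentials(true);
        return c;
    }

    public static void main(String[] args) {
        // addAllowedOrigin("*") plus credentials is what triggers the error message.
        CorsConfiguration rejected = new CorsConfiguration();
        rejected.addAllowedOrigin("*");
        rejected.setAllowCredentials(true);
        try {
            rejected.validateAllowCredentials();
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // checkOrigin returns the value for Access-Control-Allow-Origin,
        // or null when the origin is not allowed.
        String unknown = "https://other.example.net";
        String known = "https://app.example.com";
        System.out.println("wildcard, unknown origin:   " + wildcardPattern().checkOrigin(unknown));
        System.out.println("restricted, unknown origin: " + restricted().checkOrigin(unknown));
        System.out.println("restricted, known origin:   " + restricted().checkOrigin(known));
    }
}
```

The `restricted()` configuration can be passed to `registerCorsConfiguration("/**", ...)` in place of `buildConfig()`.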